vulcanjs/vulcan < 0.14.3 - Exposure of Sensitive Information via WebSocket Messages
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.