CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.
Date published : 2021-07-28
https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2