CVE-2019-5416

A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
Source: NIST