There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the metascrape npm module <= 3.9.2.
metascrape