
Sebhildebrandt Systeminformation vulnerabilities

11 known vulnerabilities affecting sebhildebrandt/systeminformation.

Total CVEs: 11
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 7

Vulnerabilities

CVE-2021-21315 | P1 | HIGH | CVSS 7.8 | KEV | PoC | fixed in 5.3.1 | 2021-02-16
CWE-78: The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. The problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check
nvd
CVE-2025-68154 | P2 | HIGH | CVSS 8.1 | fixed in 5.27.14 | 2025-12-16
CWE-78: systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-c
nvd
CVE-2023-42810 | P3 | CRITICAL | CVSS 9.8 | versions >= 5.0.0, < 5.21.7 | 2023-09-21
CWE-77: systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have an SSID command injection vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).
nvd
CVE-2020-26274 | P3 | HIGH | CVSS 8.8 | fixed in 4.31.1 | 2020-12-16
CWE-78: In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitization fix.
nvd
CVE-2021-21388 | P3 | CRITICAL | CVSS 9.8 | fixed in 5.6.4 | 2021-04-29
CWE-20: systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service param
nvd
CVE-2020-26245 | P3 | CRITICAL | CVSS 9.8 | fixed in 4.30.5 | 2020-11-27
CWE-78: npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of the shell sanitization to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to s
nvd
CVE-2020-26300 | P3 | CRITICAL | CVSS 9.8 | fixed in 4.26.2 | 2021-09-09
CWE-77: systeminformation is an npm package that provides a system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. The problem was fixed in version 4.26.2 with a shell string sanitization fix.
nvd
CVE-2026-26318 | P3 | HIGH | CVSS 8.8 | fixed in 5.31.0 | 2026-02-19
CWE-78: systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
nvd
CVE-2026-26280 | P3 | HIGH | CVSS 7.8 | fixed in 5.30.8 | 2026-02-19
CWE-78: systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In `lib/wifi.js`, the `wifiNetworks()` function sanitizes the `if
nvd
CVE-2026-44724 | P3 | HIGH | CVSS 7.8 | versions >= 4.17.0, < 5.31.6 | 2026-05-27
CWE-78: systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained internally from real nmcli device status output. The libr
nvd
CVE-2024-56334 | P3 | HIGH | CVSS 7.8 | fixed in 5.23.7 | 2024-12-20
CWE-94: systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the pack
nvd