Sebhildebrandt Systeminformation vulnerabilities

10 known vulnerabilities affecting sebhildebrandt/systeminformation.

Total CVEs: 10
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 6

Vulnerabilities

CVE-2026-26318 | HIGH | CVSS 8.8 | fixed in 5.31.0 | 2026-02-19
CVE-2026-26318 [HIGH] CWE-78: systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
Sources: cvelistv5, nvd
CVE-2026-26280 | HIGH | CVSS 7.8 | fixed in 5.30.8 | 2026-02-19
CVE-2026-26280 [HIGH] CWE-78: systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In `lib/wifi.js`, the `wifiNetworks()` function sanitizes the `if
Sources: cvelistv5, nvd
CVE-2025-68154 | HIGH | CVSS 8.1 | fixed in 5.27.14 | 2025-12-16
CVE-2025-68154 [HIGH] CWE-78: systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-c
Sources: cvelistv5, nvd
CVE-2024-56334 | HIGH | CVSS 7.8 | fixed in 5.23.7 | 2024-12-20
CVE-2024-56334 [HIGH] CWE-94: systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the pack
Sources: cvelistv5, nvd
CVE-2023-42810 | CRITICAL | CVSS 9.8 | versions >= 5.0.0, < 5.21.7 | 2023-09-21
CVE-2023-42810 [CRITICAL] CWE-77: systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have an SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).
Sources: cvelistv5, nvd
CVE-2020-26300 | CRITICAL | CVSS 9.8 | fixed in 4.26.2 | 2021-09-09
CVE-2020-26300 [MEDIUM] CWE-77: systeminformation is an npm package that provides a system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. The problem was fixed in version 4.26.2 with a shell string sanitization fix.
Sources: cvelistv5, nvd
CVE-2021-21388 | CRITICAL | CVSS 9.8 | fixed in 5.6.4 | 2021-04-29
CVE-2021-21388 [HIGH] CWE-20: systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameter
Sources: cvelistv5, nvd
CVE-2021-21315 | HIGH | CVSS 7.8 | KEV | PoC | fixed in 5.3.1 | 2021-02-16
CVE-2021-21315 [HIGH] CWE-78: The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. The problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check
Sources: cvelistv5, nvd
CVE-2020-26274 | HIGH | CVSS 8.8 | fixed in 4.31.1 | 2020-12-16
CVE-2020-26274 [MEDIUM] CWE-78: In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitization fix.
Sources: cvelistv5, nvd
CVE-2020-26245 | CRITICAL | CVSS 9.8 | fixed in 4.30.5 | 2020-11-27
CVE-2020-26245 [HIGH] CWE-78: npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitization to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.in
Sources: cvelistv5, nvd