systeminformation (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package systeminformation, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2023-42810 — CVSS 9.8 (critical): systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability…
CVE-2021-21388 — CVSS 8.9 (high): systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in…
CVE-2026-26318 — CVSS 8.8 (high): systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via…
CVE-2020-7752 — CVSS 8.8 (high): This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate…
CVE-2026-26280 — CVSS 8.4 (high): systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the…
CVE-2020-26245 — CVSS 8.1 (high): npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed…
CVE-2025-68154 — CVSS 8.1 (high): systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in…
CVE-2024-56334 — CVSS 7.8 (high): systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are…
CVE-2026-44724 — CVSS 7.8 (high): systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to…
CVE-2020-7778 — CVSS 7.3 (high): This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can…
CVE-2020-26274 — CVSS 6.4 (medium): In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version…
CVE-2020-26300 — CVSS 5.9 (medium): systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2…