Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/systeminformation@3.51.0
Typenpm
Namespace
Namesysteminformation
Version3.51.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.27.14
Latest_non_vulnerable_version5.31.6
Affected_by_vulnerabilities
0
url VCID-297u-ugtg-bkdd
vulnerability_id VCID-297u-ugtg-bkdd
summary 
OS Command Injection
systeminformation suffers from a command injection vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26274
reference_id
reference_type
scores
0
value 0.01389
scoring_system epss
scoring_elements 0.80708
published_at 2026-06-05T12:55:00Z
1
value 0.01389
scoring_system epss
scoring_elements 0.80682
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26274
1
reference_url https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99
2
reference_url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74
3
reference_url https://www.npmjs.com/advisories/1590
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1590
4
reference_url https://www.npmjs.com/package/systeminformation
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/systeminformation
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26274
reference_id CVE-2020-26274
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26274
fixed_packages
0
url pkg:npm/systeminformation@4.31.1
purl pkg:npm/systeminformation@4.31.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-99un-1enx-5uhv
1
vulnerability VCID-fen5-17u8-efbs
2
vulnerability VCID-us5p-3w2r-13e6
3
vulnerability VCID-wd8e-yyex-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.31.1
aliases CVE-2020-26274, GHSA-m57p-p67h-mq74
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-297u-ugtg-bkdd
1
url VCID-6t9m-cpgx-z3hb
vulnerability_id VCID-6t9m-cpgx-z3hb
summary 
OS Command Injection
npm package systeminformation is vulnerable to Prototype Pollution leading to Command Injection.If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to `si.inetChecksite().`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26245
reference_id
reference_type
scores
0
value 0.0113
scoring_system epss
scoring_elements 0.78661
published_at 2026-06-04T12:55:00Z
1
value 0.0113
scoring_system epss
scoring_elements 0.78688
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26245
1
reference_url https://github.com/sebhildebrandt/systeminformation/commit/8113ff0e87b2f422a5756c48f1057575e73af016
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/8113ff0e87b2f422a5756c48f1057575e73af016
2
reference_url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-4v2w-h9jm-mqjg
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-4v2w-h9jm-mqjg
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26245
reference_id CVE-2020-26245
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26245
fixed_packages
0
url pkg:npm/systeminformation@4.30.5
purl pkg:npm/systeminformation@4.30.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-297u-ugtg-bkdd
1
vulnerability VCID-99un-1enx-5uhv
2
vulnerability VCID-fen5-17u8-efbs
3
vulnerability VCID-us5p-3w2r-13e6
4
vulnerability VCID-wd8e-yyex-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.30.5
aliases CVE-2020-26245, GHSA-4v2w-h9jm-mqjg
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t9m-cpgx-z3hb
2
url VCID-99un-1enx-5uhv
vulnerability_id VCID-99un-1enx-5uhv
summary 
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56334.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56334.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56334
reference_id
reference_type
scores
0
value 0.04955
scoring_system epss
scoring_elements 0.8985
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56334
2
reference_url https://github.com/sebhildebrandt/systeminformation
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation
3
reference_url https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-24T16:32:16Z/
url https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2333587
reference_id 2333587
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2333587
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56334
reference_id CVE-2024-56334
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56334
6
reference_url https://github.com/advisories/GHSA-cvv5-9h9w-qp2m
reference_id GHSA-cvv5-9h9w-qp2m
reference_type
scores
url https://github.com/advisories/GHSA-cvv5-9h9w-qp2m
7
reference_url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m
reference_id GHSA-cvv5-9h9w-qp2m
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-24T16:32:16Z/
url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m
8
reference_url https://access.redhat.com/errata/RHSA-2025:3374
reference_id RHSA-2025:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3374
fixed_packages
0
url pkg:npm/systeminformation@5.23.8
purl pkg:npm/systeminformation@5.23.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wd8e-yyex-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.23.8
1
url pkg:npm/systeminformation@5.23.7
purl pkg:npm/systeminformation@5.23.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.23.7
aliases CVE-2024-56334, GHSA-cvv5-9h9w-qp2m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99un-1enx-5uhv
3
url VCID-axru-z7ku-nyh8
vulnerability_id VCID-axru-z7ku-nyh8
summary 
OS Command Injection
This affects the package systeminformation The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7778
reference_id
reference_type
scores
0
value 0.01103
scoring_system epss
scoring_elements 0.78413
published_at 2026-06-04T12:55:00Z
1
value 0.01103
scoring_system epss
scoring_elements 0.78441
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7778
1
reference_url https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80
2
reference_url https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
3
reference_url https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
4
reference_url https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc
5
reference_url https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7778
reference_id CVE-2020-7778
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7778
7
reference_url https://github.com/advisories/GHSA-8j36-q8x7-pm6q
reference_id GHSA-8j36-q8x7-pm6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8j36-q8x7-pm6q
fixed_packages
0
url pkg:npm/systeminformation@4.30.2
purl pkg:npm/systeminformation@4.30.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-297u-ugtg-bkdd
1
vulnerability VCID-6t9m-cpgx-z3hb
2
vulnerability VCID-99un-1enx-5uhv
3
vulnerability VCID-fen5-17u8-efbs
4
vulnerability VCID-us5p-3w2r-13e6
5
vulnerability VCID-wd8e-yyex-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.30.2
aliases CVE-2020-7778, GHSA-8j36-q8x7-pm6q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axru-z7ku-nyh8
4
url VCID-c47r-q1dv-8qg7
vulnerability_id VCID-c47r-q1dv-8qg7
summary The systeminformation package is vulnerable to Command Injection. An attacker can concatenate the curl command's parameters to overwrite Javascript files and then execute any OS commands.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7752
reference_id
reference_type
scores
0
value 0.03143
scoring_system epss
scoring_elements 0.87149
published_at 2026-06-05T12:55:00Z
1
value 0.03143
scoring_system epss
scoring_elements 0.87127
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7752
1
reference_url https://github.com/sebhildebrandt/systeminformation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation
2
reference_url https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js
3
reference_url https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
4
reference_url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-94xh-2fmc-xf5j
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-94xh-2fmc-xf5j
5
reference_url https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909
6
reference_url https://www.npmjs.com/package/systeminformation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/systeminformation
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7752
reference_id CVE-2020-7752
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7752
8
reference_url https://github.com/advisories/GHSA-94xh-2fmc-xf5j
reference_id GHSA-94xh-2fmc-xf5j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94xh-2fmc-xf5j
fixed_packages
0
url pkg:npm/systeminformation@4.27.11
purl pkg:npm/systeminformation@4.27.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-297u-ugtg-bkdd
1
vulnerability VCID-6t9m-cpgx-z3hb
2
vulnerability VCID-99un-1enx-5uhv
3
vulnerability VCID-axru-z7ku-nyh8
4
vulnerability VCID-fen5-17u8-efbs
5
vulnerability VCID-us5p-3w2r-13e6
6
vulnerability VCID-wd8e-yyex-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.27.11
aliases CVE-2020-7752, GHSA-94xh-2fmc-xf5j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c47r-q1dv-8qg7
5
url VCID-f4e3-n5n3-fbah
vulnerability_id VCID-f4e3-n5n3-fbah
summary 
Command Injection
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation there is a command injection vulnerability. Problem was fixed with a shell string sanitation fix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26300
reference_id
reference_type
scores
0
value 0.01516
scoring_system epss
scoring_elements 0.81583
published_at 2026-06-05T12:55:00Z
1
value 0.01516
scoring_system epss
scoring_elements 0.81554
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26300
1
reference_url https://github.com/advisories/GHSA-fj59-f6c3-3vw4
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fj59-f6c3-3vw4
2
reference_url https://github.com/sebhildebrandt/systeminformation
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation
3
reference_url https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607
4
reference_url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4
5
reference_url https://www.npmjs.com/package/systeminformation
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/systeminformation
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26300
reference_id CVE-2020-26300
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26300
fixed_packages
0
url pkg:npm/systeminformation@4.26.2
purl pkg:npm/systeminformation@4.26.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-297u-ugtg-bkdd
1
vulnerability VCID-6t9m-cpgx-z3hb
2
vulnerability VCID-99un-1enx-5uhv
3
vulnerability VCID-axru-z7ku-nyh8
4
vulnerability VCID-c47r-q1dv-8qg7
5
vulnerability VCID-fen5-17u8-efbs
6
vulnerability VCID-us5p-3w2r-13e6
7
vulnerability VCID-wd8e-yyex-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.26.2
aliases CVE-2020-26300, GHSA-fj59-f6c3-3vw4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4e3-n5n3-fbah
6
url VCID-fen5-17u8-efbs
vulnerability_id VCID-fen5-17u8-efbs
summary 
OS Command Injection
systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21388
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.70362
published_at 2026-06-05T12:55:00Z
1
value 0.00617
scoring_system epss
scoring_elements 0.7032
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21388
1
reference_url https://github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a027fdef67524
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a027fdef67524
2
reference_url https://github.com/sebhildebrandt/systeminformation/commit/0be6fcd575c05687d1076d5cd6d75af2ebae5a46
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/0be6fcd575c05687d1076d5cd6d75af2ebae5a46
3
reference_url https://github.com/sebhildebrandt/systeminformation/commit/7922366d707de7f20995fc8e30ac3153636bf35f
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/commit/7922366d707de7f20995fc8e30ac3153636bf35f
4
reference_url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-jff2-qjw8-5476
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-jff2-qjw8-5476
5
reference_url https://www.npmjs.com/package/systeminformation
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/systeminformation
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21388
reference_id CVE-2021-21388
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21388
fixed_packages
0
url pkg:npm/systeminformation@5.6.4
purl pkg:npm/systeminformation@5.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vuy-w9kw-7fdy
1
vulnerability VCID-99un-1enx-5uhv
2
vulnerability VCID-wd8e-yyex-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.6.4
aliases CVE-2021-21388, GHSA-jff2-qjw8-5476
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fen5-17u8-efbs
7
url VCID-us5p-3w2r-13e6
vulnerability_id VCID-us5p-3w2r-13e6
summary 
Command Injection Vulnerability
command injection vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21315
reference_id
reference_type
scores
0
value 0.9396
scoring_system epss
scoring_elements 0.99892
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21315
1
reference_url https://github.com/sebhildebrandt/systeminformation
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation
2
reference_url https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/
url https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525
3
reference_url https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05@%3Cissues.cordova.apache.org%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05@%3Cissues.cordova.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/
url https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E
5
reference_url https://security.netapp.com/advisory/ntap-20210312-0007
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210312-0007
6
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315
7
reference_url https://www.npmjs.com/package/systeminformation
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/
url https://www.npmjs.com/package/systeminformation
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21315
reference_id CVE-2021-21315
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21315
9
reference_url https://github.com/advisories/GHSA-2m8v-572m-ff2v
reference_id GHSA-2m8v-572m-ff2v
reference_type
scores
url https://github.com/advisories/GHSA-2m8v-572m-ff2v
10
reference_url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v
reference_id GHSA-2m8v-572m-ff2v
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/
url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v
11
reference_url https://security.netapp.com/advisory/ntap-20210312-0007/
reference_id ntap-20210312-0007
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/
url https://security.netapp.com/advisory/ntap-20210312-0007/
fixed_packages
0
url pkg:npm/systeminformation@5.3.1
purl pkg:npm/systeminformation@5.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vuy-w9kw-7fdy
1
vulnerability VCID-99un-1enx-5uhv
2
vulnerability VCID-fen5-17u8-efbs
3
vulnerability VCID-wd8e-yyex-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.3.1
aliases CVE-2021-21315, GHSA-2m8v-572m-ff2v
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-us5p-3w2r-13e6
8
url VCID-wd8e-yyex-vqff
vulnerability_id VCID-wd8e-yyex-vqff
summary 
systeminformation has a Command Injection vulnerability in fsSize() function on Windows
The `fsSize()` function in `systeminformation` is vulnerable to **OS Command Injection (CWE-78)** on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function.

**Affected Platforms:** Windows only

**CVSS Breakdown:**
- **Attack Vector (AV:N):** Network - if used in a web application/API
- **Attack Complexity (AC:H):** High - requires application to pass user input to `fsSize()`
- **Privileges Required (PR:N):** None - no authentication required at library level
- **User Interaction (UI:N):** None
- **Scope (S:U):** Unchanged - executes within Node.js process context
- **Confidentiality/Integrity/Availability (C:H/I:H/A:H):** High impact if exploited

> **Note:** The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable.

---
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68154.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68154.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68154
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15424
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68154
2
reference_url https://github.com/sebhildebrandt/systeminformation
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sebhildebrandt/systeminformation
3
reference_url https://github.com/sebhildebrandt/systeminformation/commit/c52f9fd07fef42d2d8e8c66f75b42178da701c68
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-17T14:50:36Z/
url https://github.com/sebhildebrandt/systeminformation/commit/c52f9fd07fef42d2d8e8c66f75b42178da701c68
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2422883
reference_id 2422883
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2422883
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68154
reference_id CVE-2025-68154
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68154
6
reference_url https://github.com/advisories/GHSA-wphj-fx3q-84ch
reference_id GHSA-wphj-fx3q-84ch
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wphj-fx3q-84ch
7
reference_url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-wphj-fx3q-84ch
reference_id GHSA-wphj-fx3q-84ch
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-17T14:50:36Z/
url https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-wphj-fx3q-84ch
fixed_packages
0
url pkg:npm/systeminformation@5.27.14
purl pkg:npm/systeminformation@5.27.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.27.14
aliases CVE-2025-68154, GHSA-wphj-fx3q-84ch
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wd8e-yyex-vqff
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@3.51.0