Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/systeminformation@4.12.0
purl pkg:npm/systeminformation@4.12.0
Next non-vulnerable version 5.27.14
Latest non-vulnerable version 5.31.6
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-297u-ugtg-bkdd
Aliases:
CVE-2020-26274
GHSA-m57p-p67h-mq74
OS Command Injection systeminformation suffers from a command injection vulnerability.
4.31.1
Affected by 3 other vulnerabilities.
VCID-6t9m-cpgx-z3hb
Aliases:
CVE-2020-26245
GHSA-4v2w-h9jm-mqjg
OS Command Injection npm package systeminformation is vulnerable to Prototype Pollution leading to Command Injection.If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to `si.inetChecksite().`
4.30.5
Affected by 4 other vulnerabilities.
VCID-99un-1enx-5uhv
Aliases:
CVE-2024-56334
GHSA-cvv5-9h9w-qp2m
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands.
5.23.8
Affected by 0 other vulnerabilities.
5.23.7
Affected by 0 other vulnerabilities.
VCID-axru-z7ku-nyh8
Aliases:
CVE-2020-7778
GHSA-8j36-q8x7-pm6q
OS Command Injection This affects the package systeminformation The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
4.30.2
Affected by 5 other vulnerabilities.
VCID-c47r-q1dv-8qg7
Aliases:
CVE-2020-7752
GHSA-94xh-2fmc-xf5j
The systeminformation package is vulnerable to Command Injection. An attacker can concatenate the curl command's parameters to overwrite Javascript files and then execute any OS commands.
4.27.11
Affected by 6 other vulnerabilities.
VCID-f4e3-n5n3-fbah
Aliases:
CVE-2020-26300
GHSA-fj59-f6c3-3vw4
Command Injection systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation there is a command injection vulnerability. Problem was fixed with a shell string sanitation fix.
4.26.2
Affected by 7 other vulnerabilities.
VCID-fen5-17u8-efbs
Aliases:
CVE-2021-21388
GHSA-jff2-qjw8-5476
OS Command Injection systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.
5.6.4
Affected by 2 other vulnerabilities.
VCID-us5p-3w2r-13e6
Aliases:
CVE-2021-21315
GHSA-2m8v-572m-ff2v
Command Injection Vulnerability command injection vulnerability
5.3.1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T05:35:14.567284+00:00 GitLab Importer Affected by VCID-99un-1enx-5uhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/systeminformation/CVE-2024-56334.yml 38.6.0
2026-06-06T00:59:07.327150+00:00 GitLab Importer Affected by VCID-f4e3-n5n3-fbah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/systeminformation/CVE-2020-26300.yml 38.6.0
2026-06-04T20:50:19.688610+00:00 GitLab Importer Affected by VCID-fen5-17u8-efbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/systeminformation/CVE-2021-21388.yml 38.6.0
2026-06-04T20:45:06.002674+00:00 GitLab Importer Affected by VCID-us5p-3w2r-13e6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/systeminformation/CVE-2021-21315.yml 38.6.0
2026-06-04T20:42:40.264674+00:00 GitLab Importer Affected by VCID-297u-ugtg-bkdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/systeminformation/CVE-2020-26274.yml 38.6.0
2026-06-04T20:41:56.270590+00:00 GitLab Importer Affected by VCID-6t9m-cpgx-z3hb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/systeminformation/CVE-2020-26245.yml 38.6.0
2026-06-04T20:41:51.855411+00:00 GitLab Importer Affected by VCID-axru-z7ku-nyh8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/systeminformation/CVE-2020-7778.yml 38.6.0
2026-06-04T20:40:25.642284+00:00 GitLab Importer Affected by VCID-c47r-q1dv-8qg7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/systeminformation/CVE-2020-7752.yml 38.6.0