Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/systeminformation@4.19.4

Type npm

Namespace

Name systeminformation

Version 4.19.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.27.14

Latest_non_vulnerable_version 5.31.6

Affected_by_vulnerabilities

url VCID-297u-ugtg-bkdd

vulnerability_id VCID-297u-ugtg-bkdd

summary

OS Command Injection
systeminformation suffers from a command injection vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26274

reference_id

reference_type

scores

value	0.01389
scoring_system	epss
scoring_elements	0.80708
published_at	2026-06-05T12:55:00Z

value	0.01389
scoring_system	epss
scoring_elements	0.80682
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26274

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99

reference_url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-m57p-p67h-mq74

reference_url

https://www.npmjs.com/advisories/1590

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1590

reference_url

https://www.npmjs.com/package/systeminformation

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/systeminformation

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26274

reference_id

CVE-2020-26274

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26274

fixed_packages

url pkg:npm/systeminformation@4.31.1

purl pkg:npm/systeminformation@4.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-99un-1enx-5uhv

vulnerability	VCID-fen5-17u8-efbs

vulnerability	VCID-us5p-3w2r-13e6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.31.1

aliases CVE-2020-26274, GHSA-m57p-p67h-mq74

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-297u-ugtg-bkdd

url VCID-6t9m-cpgx-z3hb

vulnerability_id VCID-6t9m-cpgx-z3hb

summary

OS Command Injection
npm package systeminformation is vulnerable to Prototype Pollution leading to Command Injection.If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to `si.inetChecksite().`

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26245

reference_id

reference_type

scores

value	0.0113
scoring_system	epss
scoring_elements	0.78661
published_at	2026-06-04T12:55:00Z

value	0.0113
scoring_system	epss
scoring_elements	0.78688
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26245

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/8113ff0e87b2f422a5756c48f1057575e73af016

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/8113ff0e87b2f422a5756c48f1057575e73af016

reference_url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-4v2w-h9jm-mqjg

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-4v2w-h9jm-mqjg

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26245

reference_id

CVE-2020-26245

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26245

fixed_packages

url pkg:npm/systeminformation@4.30.5

purl pkg:npm/systeminformation@4.30.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-297u-ugtg-bkdd

vulnerability	VCID-99un-1enx-5uhv

vulnerability	VCID-fen5-17u8-efbs

vulnerability	VCID-us5p-3w2r-13e6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.30.5

aliases CVE-2020-26245, GHSA-4v2w-h9jm-mqjg

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t9m-cpgx-z3hb

url VCID-99un-1enx-5uhv

vulnerability_id VCID-99un-1enx-5uhv

summary

Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56334.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56334.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-56334

reference_id

reference_type

scores

value	0.04955
scoring_system	epss
scoring_elements	0.8985
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-56334

reference_url

https://github.com/sebhildebrandt/systeminformation

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-24T16:32:16Z/

url

https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2333587
reference_id	2333587
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2333587

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-56334

reference_id

CVE-2024-56334

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-56334

reference_url	https://github.com/advisories/GHSA-cvv5-9h9w-qp2m
reference_id	GHSA-cvv5-9h9w-qp2m
reference_type
scores
url	https://github.com/advisories/GHSA-cvv5-9h9w-qp2m

reference_url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m

reference_id

GHSA-cvv5-9h9w-qp2m

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-24T16:32:16Z/

url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m

reference_url	https://access.redhat.com/errata/RHSA-2025:3374
reference_id	RHSA-2025:3374
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3374

fixed_packages

url	pkg:npm/systeminformation@5.23.8
purl	pkg:npm/systeminformation@5.23.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.23.8

url	pkg:npm/systeminformation@5.23.7
purl	pkg:npm/systeminformation@5.23.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.23.7

aliases CVE-2024-56334, GHSA-cvv5-9h9w-qp2m

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99un-1enx-5uhv

url VCID-axru-z7ku-nyh8

vulnerability_id VCID-axru-z7ku-nyh8

summary

OS Command Injection
This affects the package systeminformation The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7778

reference_id

reference_type

scores

value	0.01103
scoring_system	epss
scoring_elements	0.78413
published_at	2026-06-04T12:55:00Z

value	0.01103
scoring_system	epss
scoring_elements	0.78441
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7778

reference_url

https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80

reference_url

https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/11103a447ab9550c25f1fbec7e6d903720b3fea8%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/73dce8d717ca9c3b7b0d0688254b8213b957f0fa%23diff-970ae648187190f86bafc8f193b7538200eba164fad0674428b6487582c089cc

reference_url

https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7778

reference_id

CVE-2020-7778

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7778

reference_url

https://github.com/advisories/GHSA-8j36-q8x7-pm6q

reference_id

GHSA-8j36-q8x7-pm6q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8j36-q8x7-pm6q

fixed_packages

url pkg:npm/systeminformation@4.30.2

purl pkg:npm/systeminformation@4.30.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-297u-ugtg-bkdd

vulnerability	VCID-6t9m-cpgx-z3hb

vulnerability	VCID-99un-1enx-5uhv

vulnerability	VCID-fen5-17u8-efbs

vulnerability	VCID-us5p-3w2r-13e6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.30.2

aliases CVE-2020-7778, GHSA-8j36-q8x7-pm6q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axru-z7ku-nyh8

url VCID-c47r-q1dv-8qg7

vulnerability_id VCID-c47r-q1dv-8qg7

summary The systeminformation package is vulnerable to Command Injection. An attacker can concatenate the curl command's parameters to overwrite Javascript files and then execute any OS commands.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7752

reference_id

reference_type

scores

value	0.03143
scoring_system	epss
scoring_elements	0.87149
published_at	2026-06-05T12:55:00Z

value	0.03143
scoring_system	epss
scoring_elements	0.87127
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7752

reference_url

https://github.com/sebhildebrandt/systeminformation

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation

reference_url

https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61

reference_url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-94xh-2fmc-xf5j

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-94xh-2fmc-xf5j

reference_url

https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909

reference_url

https://www.npmjs.com/package/systeminformation

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/systeminformation

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7752

reference_id

CVE-2020-7752

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7752

reference_url

https://github.com/advisories/GHSA-94xh-2fmc-xf5j

reference_id

GHSA-94xh-2fmc-xf5j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-94xh-2fmc-xf5j

fixed_packages

url pkg:npm/systeminformation@4.27.11

purl pkg:npm/systeminformation@4.27.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-297u-ugtg-bkdd

vulnerability	VCID-6t9m-cpgx-z3hb

vulnerability	VCID-99un-1enx-5uhv

vulnerability	VCID-axru-z7ku-nyh8

vulnerability	VCID-fen5-17u8-efbs

vulnerability	VCID-us5p-3w2r-13e6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.27.11

aliases CVE-2020-7752, GHSA-94xh-2fmc-xf5j

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c47r-q1dv-8qg7

url VCID-f4e3-n5n3-fbah

vulnerability_id VCID-f4e3-n5n3-fbah

summary

Command Injection
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation there is a command injection vulnerability. Problem was fixed with a shell string sanitation fix.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26300

reference_id

reference_type

scores

value	0.01516
scoring_system	epss
scoring_elements	0.81583
published_at	2026-06-05T12:55:00Z

value	0.01516
scoring_system	epss
scoring_elements	0.81554
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26300

reference_url

https://github.com/advisories/GHSA-fj59-f6c3-3vw4

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-fj59-f6c3-3vw4

reference_url

https://github.com/sebhildebrandt/systeminformation

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607

reference_url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-fj59-f6c3-3vw4

reference_url

https://www.npmjs.com/package/systeminformation

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/systeminformation

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26300

reference_id

CVE-2020-26300

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26300

fixed_packages

url pkg:npm/systeminformation@4.26.2

purl pkg:npm/systeminformation@4.26.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-297u-ugtg-bkdd

vulnerability	VCID-6t9m-cpgx-z3hb

vulnerability	VCID-99un-1enx-5uhv

vulnerability	VCID-axru-z7ku-nyh8

vulnerability	VCID-c47r-q1dv-8qg7

vulnerability	VCID-fen5-17u8-efbs

vulnerability	VCID-us5p-3w2r-13e6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.26.2

aliases CVE-2020-26300, GHSA-fj59-f6c3-3vw4

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4e3-n5n3-fbah

url VCID-fen5-17u8-efbs

vulnerability_id VCID-fen5-17u8-efbs

summary

OS Command Injection
systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21388

reference_id

reference_type

scores

value	0.00617
scoring_system	epss
scoring_elements	0.70362
published_at	2026-06-05T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.7032
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21388

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a027fdef67524

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/01ef56cd5824ed6da1c11b37013a027fdef67524

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/0be6fcd575c05687d1076d5cd6d75af2ebae5a46

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/0be6fcd575c05687d1076d5cd6d75af2ebae5a46

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/7922366d707de7f20995fc8e30ac3153636bf35f

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/commit/7922366d707de7f20995fc8e30ac3153636bf35f

reference_url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-jff2-qjw8-5476

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-jff2-qjw8-5476

reference_url

https://www.npmjs.com/package/systeminformation

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/systeminformation

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21388

reference_id

CVE-2021-21388

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21388

fixed_packages

url pkg:npm/systeminformation@5.6.4

purl pkg:npm/systeminformation@5.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vuy-w9kw-7fdy

vulnerability	VCID-99un-1enx-5uhv

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.6.4

aliases CVE-2021-21388, GHSA-jff2-qjw8-5476

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fen5-17u8-efbs

url VCID-us5p-3w2r-13e6

vulnerability_id VCID-us5p-3w2r-13e6

summary

Command Injection Vulnerability
command injection vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21315

reference_id

reference_type

scores

value	0.9396
scoring_system	epss
scoring_elements	0.99892
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21315

reference_url

https://github.com/sebhildebrandt/systeminformation

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sebhildebrandt/systeminformation

reference_url

https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/

url

https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525

reference_url

https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05@%3Cissues.cordova.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05@%3Cissues.cordova.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/

url

https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20210312-0007

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210312-0007

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21315

reference_url

https://www.npmjs.com/package/systeminformation

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/

url

https://www.npmjs.com/package/systeminformation

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21315

reference_id

CVE-2021-21315

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21315

reference_url	https://github.com/advisories/GHSA-2m8v-572m-ff2v
reference_id	GHSA-2m8v-572m-ff2v
reference_type
scores
url	https://github.com/advisories/GHSA-2m8v-572m-ff2v

reference_url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v

reference_id

GHSA-2m8v-572m-ff2v

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/

url

https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v

reference_url

https://security.netapp.com/advisory/ntap-20210312-0007/

reference_id

ntap-20210312-0007

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:38:40Z/

url

https://security.netapp.com/advisory/ntap-20210312-0007/

fixed_packages

url pkg:npm/systeminformation@5.3.1

purl pkg:npm/systeminformation@5.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vuy-w9kw-7fdy

vulnerability	VCID-99un-1enx-5uhv

vulnerability	VCID-fen5-17u8-efbs

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@5.3.1

aliases CVE-2021-21315, GHSA-2m8v-572m-ff2v

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-us5p-3w2r-13e6

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/systeminformation@4.19.4

Package Instance