CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

@agentuity/evals (>=0.0.104 <=2.0.17), @agentuity/hono (>=3.0.0-alpha.0 <=3.0.0-beta.3) +345 more potentially affected by CVE-2026-26318 via systeminformation (>=5.0.6 <=5.30.8)

systeminformation NPM version =5.0.6, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =0.0.0-test.0, =0.0.0-test.0, =0.0.0-test.0, =5.0.0-private.20260319 and more Source cves: CVE-2026-26318 Source...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154.

Summary IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-68154 DESCRIPTION: systeminformation is a System...

EUVD-2022-0919

Malicious code in bioql PyPI...

CVE-2024-56334

A flaw was found in the systeminformation library for Node.js. In Windows systems, the SSID parameter of the getWindowsIEEE8021x function is not sanitized before it is passed to cmd.exe. This may allow a remote attacker to execute arbitrary commands on the target system. Mitigation Mitigation for...

PT-2023-28597 · Npm · Systeminformation

Name of the Vulnerable Software and Affected Versions: systeminformation versions 5.0.0 through 5.21.6 Description: The systeminformation library for Node.JS has a SSID Command Injection Vulnerability. This issue affects versions 5.0.0 through 5.21.6. The problem was fixed with a parameter check ...

4runr-os (>=1.0.48 <=2.10.39), 7key-gen (>=1.0.12 <=1.1.0) +2816 more potentially affected by CVE-2021-21388 via systeminformation (>=3.30.6 <=5.6.3)

systeminformation NPM version =3.30.6, =1.0.48, =1.0.12, =1.1.9, =1.7.0-beta.7, =3.11.1, =1.0.0, =1.16.13, =1.3.16, =1.1.12, =1.6.23, =1.6.7, =1.0.0, =1.16.33, =1.17.12-beta-20260422-093007-b389a838 and more Source cves: CVE-2021-21388 Source advisory: OSV:GHSA-JFF2-QJW8-5476...

@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +218 more potentially affected by CVE-2020-26274 via systeminformation (>=3.30.6 <=4.31.0)

systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =1.0.148 and more Source cves: CVE-2020-26274 Source advisory: OSV:GHSA-M57P-P67H-MQ74...

@azteam/monitor (>=1.0.1 <=1.0.9), @bb-cli/e2e-bb-test (>=2.8.3-5 <=2.8.4) +206 more potentially affected by CVE-2020-7752 via systeminformation (>=3.30.6 <=4.26.9)

systeminformation NPM version =3.30.6, =1.0.1, =2.8.3-5, =1.0.7, =1.0.0, =0.0.3, =1.0.0, =1.1.0, =5.0.0, =1.0.0, =1.0.0-beta.7, =0.1.0, =0.4.0-unstable-20200922091941 and more Source cves: CVE-2020-7752 Source advisory: OSV:GHSA-94XH-2FMC-XF5J...

@azteam/monitor (>=1.0.1 <=1.0.9), @blitzbank/dashboard (>=0.0.3 <=0.1.2) +13 more potentially affected by CVE-2020-7752 via systeminformation (>=4.0.10 <=4.26.9)

systeminformation NPM version =4.0.10, =1.0.1, =0.0.3, =1.1.0, =1.0.0-beta.7, =0.43.2, =1.10.0, =9.7.2, =0.1.9, =1.0.3, =1.0.0, =9.7.2, =0.0.1, =1.0.1 Source cves: CVE-2020-7752 Source advisory: SNYK:JS-SYSTEMINFORMATION-1021909...