[Git][security-tracker-team/security-tracker][master] Review first batch of CVES for node-systeminformation

Mon Jun 1 16:42:33 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76a05579 by Salvatore Bonaccorso at 2026-06-01T17:42:07+02:00
Review first batch of CVES for node-systeminformation

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2733,7 +2733,7 @@ CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder detector with web service moni
 CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
 	NOT-FOR-US: Pi.Alert
 CVE-2026-44724 (systeminformation is a System and OS information library for node.js.  ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and assessment pl ...)
 	NOT-FOR-US: OpenLearnX
 CVE-2026-44713 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
@@ -57697,9 +57697,9 @@ CVE-2026-26337 (Hyland Alfresco Transformation Service allows unauthenticated at
 CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read arbitrary fil ...)
 	NOT-FOR-US: Hyland
 CVE-2026-26318 (systeminformation is a System and OS information library for node.js.  ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2026-26280 (systeminformation is a System and OS information library for node.js.  ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS object,  ...)
 	- node-webfont <undetermined>
 	NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj
@@ -85687,7 +85687,7 @@ CVE-2025-68156 (Expr is an expression language and expression evaluation for Go.
 CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC) support for V ...)
 	NOT-FOR-US: React Server Components (RSC) support plugin for Vite
 CVE-2025-68154 (systeminformation is a System and OS information library for node.js.  ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2025-68150 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2025-68146 (filelock is a platform-independent file lock for Python. In versions p ...)
@@ -205384,7 +205384,7 @@ CVE-2024-56357 (grist-core is a spreadsheet hosting server. A user visiting a ma
 CVE-2024-56335 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
 	- vaultwarden <itp> (bug #1067023)
 CVE-2024-56334 (systeminformation is a System and OS information library for node.js.  ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2024-55509 (SQL injection vulnerability in CodeAstro Complaint Management System v ...)
 	NOT-FOR-US: CodeAstro Complaint Management System
 CVE-2024-40875 (There is a cross-site scripting vulnerability in the management consol ...)
@@ -322333,7 +322333,7 @@ CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack o
 CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...)
 	NOT-FOR-US: D-Link
 CVE-2023-42810 (systeminformation is a System Information Library for Node.JS. Version ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2023-42807 (Frappe LMS is an open source learning management system. In versions 1 ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...)
@@ -518809,7 +518809,7 @@ CVE-2021-21390 (MinIO is an open-source high performance object storage service
 CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)
 	NOT-FOR-US: BuddyPress WordPress plugin
 CVE-2021-21388 (systeminformation is an open source system and OS information library  ...)
-	- node-systeminformation <undetermined>
+	- node-systeminformation <not-affected> (Fixed before initial upload to Debian)
 CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
 	NOT-FOR-US: Wrongthink
 CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a055798f2d1260af52ee8cd9855d313ed5d75d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76a055798f2d1260af52ee8cd9855d313ed5d75d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260601/6aed54d1/attachment.htm>
