utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:node-opencv_project:node-opencv:*:*:*:*:*:node.js:*:*"
],
"extracted_events": [
{
"fixed": "6.1.0"
}
],
"source": "CPE_RANGE",
"vendor_product": "node-opencv_project:node-opencv"
}
]
}"2026-07-08T15:54:08Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10061.json"
[
{
"signature_type": "Line",
"target": {
"file": "src/FaceRecognizer.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"112452988723884673506501273598000269917",
"188992419719563020502915929919504129267",
"273346043374247195419051745256349540325",
"187460271573234866350606439562746424139"
],
"threshold": 0.9
},
"id": "CVE-2019-10061-4c5c5caa",
"source": "https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563",
"signature_version": "v1"
}
]