HIGH 7.0 PyPI
GHSA-49g7-2ww7-3vf5 · CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements
Modified: 3/18/2026
package
PyPI / glances
pkg:pypi/glances
HIGH PyPI
GHSA-7p93-6934-f4q7 · CVE-2026-33533 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
Modified: 5/5/2026
HIGH 7.4 PyPI
GHSA-87qc-fj39-wccr · CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)
Modified: 6/22/2026
HIGH 7.8 PyPI
GHSA-9837-48hr-q32j · CVE-2026-46607 Glances has Insecure Pickle Deserialization in its Version Cache that Leads to Arbitrary Code Execution
Modified: 6/22/2026
HIGH 8.1 PyPI
GHSA-9jfm-9rc6-2hfq · CVE-2026-32610 Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Modified: 3/18/2026
HIGH 7.5 PyPI
GHSA-cvwp-r2g2-j824 · CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
Modified: 3/19/2026
HIGH 8.8 PyPI
GHSA-g5pq-48mj-jvw8 · CVE-2026-35587 Glances has SSRF in IP Plugin via public_api leading to credential leakage
Modified: 5/5/2026
MEDIUM 6.5 PyPI
GHSA-gfc2-9qmw-w7vh · CVE-2026-34839 Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS
Modified: 5/5/2026
HIGH PyPI
GHSA-gh4x-f7cq-wwx6 · CVE-2026-30928 Glances Exposes Unauthenticated Configuration Secrets
Modified: 3/10/2026
MEDIUM 6.3 PyPI
GHSA-grp3-h8m8-45p7 · CVE-2026-35588 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
Modified: 4/21/2026
MEDIUM 5.9 PyPI
GHSA-hhcg-r27j-fhv9 · CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Modified: 3/18/2026
HIGH 7.8 PyPI
GHSA-qhj7-v7h7-q4c7 · CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values
Modified: 5/5/2026
CRITICAL 9.1 PyPI
GHSA-r297-p3v4-wp8m · CVE-2026-32633 Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Modified: 3/18/2026
MEDIUM 6.3 PyPI
GHSA-r2mj-8wgq-73m6 · CVE-2021-23418, PYSEC-2021-115 XML External Entity Reference in Glances
Modified: 9/20/2024
HIGH 7.8 PyPI
GHSA-v5r2-qh84-fjx5 · CVE-2026-46606 Glances is Vulnerable to Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py
Modified: 6/22/2026
HIGH 7.0 PyPI
GHSA-vcv2-q258-wrg7 · CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates
Modified: 3/19/2026
HIGH 8.1 PyPI
GHSA-vx5f-957p-qpvm · CVE-2026-32634 Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
Modified: 3/18/2026
MEDIUM 5.3 PyPI
GHSA-w856-8p3r-p338 · CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
Modified: 6/22/2026
HIGH PyPI
GHSA-wvxv-4j8q-4wjq · CVE-2026-32596 Glances exposes the REST API without authentication
Modified: 3/19/2026
HIGH PyPI
GHSA-x46r-mf5g-xpr6 · CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export
Modified: 3/10/2026
— PyPI
PYSEC-2021-115 · CVE-2021-23418, GHSA-r2mj-8wgq-73m6 Modified: 11/8/2023