glances
PyPI
7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting glances
- CVE-2021-23418 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 3.2.1 | 2021-07-29
vulnerable: 1.3.1 ... 3.2.0 (72 versions)
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
- CVE-2026-30930 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 4.5.1 | 2026-03-10
vulnerable: 1.3.1 ... 4.5.0.5 (130 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string v…
- CVE-2026-33533 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.5.3 | 2026-04-02
vulnerable: 1.3.1 ... 4.5.2 (132 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. Because the XM…
- CVE-2026-33641 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 4.5.3 | 2026-04-02
vulnerable: 1.3.1 ... 4.5.2 (132 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. …
- CVE-2026-34839 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.5.4 | 2026-04-21
vulnerable: 1.3.1 ... 4.5.3 (133 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cross-origin requests from any origin due …
- CVE-2026-35587 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 4.5.4 | 2026-04-21
vulnerable: 1.3.1 ... 4.5.3 (133 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration paramete…
- CVE-2026-35588 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 4.5.4 | 2026-04-21
vulnerable: 1.3.1 ... 4.5.3 (133 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration…