glances
PyPI13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting glancespage 1 of 1
- CVE-2021-23418MEDIUMCVSS 6.3EG 6.3✓ Fixed in 3.2.12021-07-29
vulnerable: 1.3.1 ... 3.2.0 (72 versions)
The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.
- CVE-2026-30930CRITICALCVSS 9.8EG 9.8✓ Fixed in 4.5.12026-03-10
vulnerable: 1.3.1 ... 4.5.0.5 (130 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string v…
- CVE-2026-32596HIGHCVSS 0.0EG 0.0✓ Fixed in 4.5.22026-03-16
vulnerable: 1.3.1 ... 4.5.1 (131 versions)
Glances exposes the REST API without authentication ### Summary Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines …
- CVE-2026-33533MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.5.32026-04-02
vulnerable: 1.3.1 ... 4.5.2 (132 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. Because the XM…
- CVE-2026-33641HIGHCVSS 7.8EG 7.8✓ Fixed in 4.5.32026-04-02
vulnerable: 1.3.1 ... 4.5.2 (132 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. …
- CVE-2026-34839MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.5.42026-04-21
vulnerable: 1.3.1 ... 4.5.3 (133 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cross-origin requests from any origin due …
- CVE-2026-35587HIGHCVSS 8.8EG 8.8✓ Fixed in 4.5.42026-04-21
vulnerable: 1.3.1 ... 4.5.3 (133 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration paramete…
- CVE-2026-35588MEDIUMCVSS 6.3EG 6.3✓ Fixed in 4.5.42026-04-21
vulnerable: 1.3.1 ... 4.5.3 (133 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration…
- CVE-2026-46606HIGHCVSS 7.8EG 7.8✓ Fixed in 4.5.52026-06-22
vulnerable: 1.3.1 ... 4.5.4 (134 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-strin…
- CVE-2026-46607HIGHCVSS 7.8EG 7.8✓ Fixed in 4.5.52026-06-22
vulnerable: 1.3.1 ... 4.5.4 (134 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db …
- CVE-2026-46608HIGHCVSS 7.4EG 7.4✓ Fixed in 4.5.52026-06-22
vulnerable: 1.3.1 ... 4.5.4 (134 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implement…
- CVE-2026-46611MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.5.52026-06-22
vulnerable: 1.3.1 ... 4.5.4 (134 versions)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attac…
- CVE-2026-53925HIGHCVSS 7.8EG 7.8✓ Fixed in 4.5.52026-06-23
vulnerable: 4.0.8 ... 4.5.4 (29 versions)
Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets > (file redirection), | (pipe), and && (command chaining) operators in command strings. Th…
Check whether glances is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for glances CVEs against the assets you own.
Start Free Scan →