Package impact
PyPI / glances
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30930 | critical | 9.8 | 9.8 | 3mo ago | Glances has SQL Injection via Process Names in TimescaleDB Export | |||
| CVE-2026-34839 | high | — | 8.0 | 1mo ago | Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS | |||
| CVE-2021-23418 | medium | — | 5.5 | 5y ago | The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks. |