NIXPKGS-2026-0588

GitHub issue published on 11 Mar 2026

Permalink CVE-2026-30930

updated 4 days, 3 hours ago by @mweinelt Activity log

Created automatic suggestion 4 days, 12 hours ago
@mweinelt removed
5 packages
- python312Packages.glances-api
- python313Packages.glances-api
- python314Packages.glances-api
- home-assistant-component-tests.glances
- tests.home-assistant-component-tests.glances
4 days, 3 hours ago
@mweinelt accepted 4 days, 3 hours ago
@mweinelt published on GitHub 4 days, 3 hours ago

Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names. This vulnerability is fixed in 4.5.1.

References

https://github.com/nicolargo/glances/releases/tag/v4.5.1 x_refsource_MISC
https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6 x_refsource_CONFIRM
https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336 x_refsource_MISC

Affected products

glances

==< 4.5.1

Matching in nixpkgs

pkgs.glances

Cross-platform curses-based monitoring tool

nixos-unstable 4.5.0.5
- nixpkgs-unstable 4.5.0.5
- nixos-unstable-small 4.5.0.5
nixos-25.11 4.3.3
- nixos-25.11-small 4.3.3
- nixpkgs-25.11-darwin 4.3.3

Ignored packages (5)

pkgs.python312Packages.glances-api

Python API for interacting with Glances

nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python313Packages.glances-api

Python API for interacting with Glances

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python314Packages.glances-api

Python API for interacting with Glances

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0

pkgs.home-assistant-component-tests.glances

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.glances

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@primeos Michael Weiss <dev.primeos@gmail.com>
@k0ral Koral <koral@mailoo.org>

https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6
https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0588

References

Affected products

Matching in nixpkgs

pkgs.glances

pkgs.python312Packages.glances-api

pkgs.python313Packages.glances-api

pkgs.python314Packages.glances-api

pkgs.home-assistant-component-tests.glances

pkgs.tests.home-assistant-component-tests.glances

Package maintainers