Suggestions search

All statuses

Filter by:

With package: glances

Found 2 matching suggestions

Published

Permalink CVE-2026-30930

updated 4 days, 15 hours ago by @mweinelt Activity log

Created automatic suggestion 4 days, 23 hours ago
@mweinelt removed
5 packages
- python312Packages.glances-api
- python313Packages.glances-api
- python314Packages.glances-api
- home-assistant-component-tests.glances
- tests.home-assistant-component-tests.glances
4 days, 15 hours ago
@mweinelt accepted 4 days, 15 hours ago
@mweinelt published on GitHub 4 days, 15 hours ago

Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names. This vulnerability is fixed in 4.5.1.

References

https://github.com/nicolargo/glances/releases/tag/v4.5.1 x_refsource_MISC
https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6 x_refsource_CONFIRM
https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336 x_refsource_MISC

Affected products

glances

==< 4.5.1

Matching in nixpkgs

pkgs.glances

Cross-platform curses-based monitoring tool

nixos-unstable 4.5.0.5
- nixpkgs-unstable 4.5.0.5
- nixos-unstable-small 4.5.0.5
nixos-25.11 4.3.3
- nixos-25.11-small 4.3.3
- nixpkgs-25.11-darwin 4.3.3

Ignored packages (5)

pkgs.python312Packages.glances-api

Python API for interacting with Glances

nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python313Packages.glances-api

Python API for interacting with Glances

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python314Packages.glances-api

Python API for interacting with Glances

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0

pkgs.home-assistant-component-tests.glances

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.glances

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@primeos Michael Weiss <dev.primeos@gmail.com>
@k0ral Koral <koral@mailoo.org>

https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6
https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336

Published

Permalink CVE-2026-30928

updated 4 days, 15 hours ago by @mweinelt Activity log

Created automatic suggestion 4 days, 23 hours ago
@mweinelt removed
5 packages
- python312Packages.glances-api
- python313Packages.glances-api
- python314Packages.glances-api
- home-assistant-component-tests.glances
- tests.home-assistant-component-tests.glances
4 days, 15 hours ago
@mweinelt accepted 4 days, 15 hours ago
@mweinelt published on GitHub 4 days, 15 hours ago

Glances Exposes Unauthenticated Configuration Secrets

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT signing keys, and SSL key passwords. This vulnerability is fixed in 4.5.1.

References

https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6 x_refsource_CONFIRM
https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da x_refsource_MISC
https://github.com/nicolargo/glances/releases/tag/v4.5.1 x_refsource_MISC

Affected products

glances

==< 4.5.1

Matching in nixpkgs

pkgs.glances

Cross-platform curses-based monitoring tool

nixos-unstable 4.5.0.5
- nixpkgs-unstable 4.5.0.5
- nixos-unstable-small 4.5.0.5
nixos-25.11 4.3.3
- nixos-25.11-small 4.3.3
- nixpkgs-25.11-darwin 4.3.3

Ignored packages (5)

pkgs.python312Packages.glances-api

Python API for interacting with Glances

nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python313Packages.glances-api

Python API for interacting with Glances

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0
nixos-25.11 0.9.0
- nixos-25.11-small 0.9.0
- nixpkgs-25.11-darwin 0.9.0

pkgs.python314Packages.glances-api

Python API for interacting with Glances

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0

pkgs.home-assistant-component-tests.glances

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.glances

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@primeos Michael Weiss <dev.primeos@gmail.com>
@k0ral Koral <koral@mailoo.org>

https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6
https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da