{"url":"http://public2.vulnerablecode.io/api/packages/43348?format=json","purl":"pkg:deb/debian/glances@0?distro=trixie","type":"deb","namespace":"debian","name":"glances","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.2.3.1+dfsg-1","latest_non_vulnerable_version":"4.5.5+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66487?format=json","vulnerability_id":"VCID-8x7t-qctq-ufgp","summary":"Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT signing keys, and SSL key passwords. This vulnerability is fixed in 4.5.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30928","reference_id":"","reference_type":"","scores":[{"value":"0.0667","scoring_system":"epss","scoring_elements":"0.91468","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0667","scoring_system":"epss","scoring_elements":"0.91471","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0667","scoring_system":"epss","scoring_elements":"0.91463","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0667","scoring_system":"epss","scoring_elements":"0.91432","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30928"},{"reference_url":"https://github.com/nicolargo/glances","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nicolargo/glances"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130503","reference_id":"1130503","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130503"},{"reference_url":"https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da","reference_id":"306a7136154ba5c1531489c99f8306d84eae37da","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:39:47Z/"}],"url":"https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30928","reference_id":"CVE-2026-30928","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30928"},{"reference_url":"https://github.com/advisories/GHSA-gh4x-f7cq-wwx6","reference_id":"GHSA-gh4x-f7cq-wwx6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh4x-f7cq-wwx6"},{"reference_url":"https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6","reference_id":"GHSA-gh4x-f7cq-wwx6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:39:47Z/"}],"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6"},{"reference_url":"https://github.com/nicolargo/glances/releases/tag/v4.5.1","reference_id":"v4.5.1","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T16:39:47Z/"}],"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43348?format=json","purl":"pkg:deb/debian/glances@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43344?format=json","purl":"pkg:deb/debian/glances@3.3.1.1%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zjq-8g1r-rkbb"},{"vulnerability":"VCID-35gx-y6hg-qfe7"},{"vulnerability":"VCID-6bdp-jdhy-xygt"},{"vulnerability":"VCID-7quj-ty9f-b3d9"},{"vulnerability":"VCID-drjj-2c7n-huhs"},{"vulnerability":"VCID-e92n-p49s-dyez"},{"vulnerability":"VCID-f64n-cvxz-x7du"},{"vulnerability":"VCID-fs9k-827n-rbc3"},{"vulnerability":"VCID-ghkc-afh4-jkgr"},{"vulnerability":"VCID-q9ky-1rvd-cygm"},{"vulnerability":"VCID-s51f-vm48-a3gd"},{"vulnerability":"VCID-svpw-cbx8-aqe9"},{"vulnerability":"VCID-vym9-cue3-3qc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@3.3.1.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43349?format=json","purl":"pkg:deb/debian/glances@4.5.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@4.5.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43346?format=json","purl":"pkg:deb/debian/glances@4.5.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@4.5.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1206453?format=json","purl":"pkg:deb/debian/glances@4.5.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@4.5.5%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-30928","GHSA-gh4x-f7cq-wwx6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8x7t-qctq-ufgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66498?format=json","vulnerability_id":"VCID-h1um-9b55-4qht","summary":"Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names. This vulnerability is fixed in 4.5.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30930","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10508","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10533","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10532","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10478","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30930"},{"reference_url":"https://github.com/nicolargo/glances","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nicolargo/glances"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130504","reference_id":"1130504","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130504"},{"reference_url":"https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336","reference_id":"39161f0d6fd723d83f534b48f24cdca722573336","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-10T16:40:20Z/"}],"url":"https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30930","reference_id":"CVE-2026-30930","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30930"},{"reference_url":"https://github.com/advisories/GHSA-x46r-mf5g-xpr6","reference_id":"GHSA-x46r-mf5g-xpr6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x46r-mf5g-xpr6"},{"reference_url":"https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6","reference_id":"GHSA-x46r-mf5g-xpr6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-10T16:40:20Z/"}],"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6"},{"reference_url":"https://github.com/nicolargo/glances/releases/tag/v4.5.1","reference_id":"v4.5.1","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-10T16:40:20Z/"}],"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43348?format=json","purl":"pkg:deb/debian/glances@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43344?format=json","purl":"pkg:deb/debian/glances@3.3.1.1%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zjq-8g1r-rkbb"},{"vulnerability":"VCID-35gx-y6hg-qfe7"},{"vulnerability":"VCID-6bdp-jdhy-xygt"},{"vulnerability":"VCID-7quj-ty9f-b3d9"},{"vulnerability":"VCID-drjj-2c7n-huhs"},{"vulnerability":"VCID-e92n-p49s-dyez"},{"vulnerability":"VCID-f64n-cvxz-x7du"},{"vulnerability":"VCID-fs9k-827n-rbc3"},{"vulnerability":"VCID-ghkc-afh4-jkgr"},{"vulnerability":"VCID-q9ky-1rvd-cygm"},{"vulnerability":"VCID-s51f-vm48-a3gd"},{"vulnerability":"VCID-svpw-cbx8-aqe9"},{"vulnerability":"VCID-vym9-cue3-3qc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@3.3.1.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43347?format=json","purl":"pkg:deb/debian/glances@4.3.1%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zjq-8g1r-rkbb"},{"vulnerability":"VCID-35gx-y6hg-qfe7"},{"vulnerability":"VCID-6bdp-jdhy-xygt"},{"vulnerability":"VCID-7quj-ty9f-b3d9"},{"vulnerability":"VCID-8x7t-qctq-ufgp"},{"vulnerability":"VCID-drjj-2c7n-huhs"},{"vulnerability":"VCID-e92n-p49s-dyez"},{"vulnerability":"VCID-f64n-cvxz-x7du"},{"vulnerability":"VCID-fs9k-827n-rbc3"},{"vulnerability":"VCID-ghkc-afh4-jkgr"},{"vulnerability":"VCID-q9ky-1rvd-cygm"},{"vulnerability":"VCID-s51f-vm48-a3gd"},{"vulnerability":"VCID-svpw-cbx8-aqe9"},{"vulnerability":"VCID-vym9-cue3-3qc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@4.3.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43349?format=json","purl":"pkg:deb/debian/glances@4.5.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@4.5.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43346?format=json","purl":"pkg:deb/debian/glances@4.5.4%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@4.5.4%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1206453?format=json","purl":"pkg:deb/debian/glances@4.5.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@4.5.5%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-30930","GHSA-x46r-mf5g-xpr6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h1um-9b55-4qht"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/glances@0%3Fdistro=trixie"}