Every CVE whose affected-product data names Glance Project Glance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-31546 — CVSS 9.3 (critical): The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used…
CVE-2018-3715 — CVSS 6.5 (medium): glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a…
CVE-2022-25937 — CVSS 6.5 (medium): Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root…
CVE-2018-3748 — CVSS 6.1 (medium): There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded…