VYPR

apk package

chainguard/jupyter-base-notebook-oci-entrypoint

pkg:apk/chainguard/jupyter-base-notebook-oci-entrypoint

Vulnerabilities (6)

  • CVE-2025-53000 (Dec 17, 2025)
    affected < 0.0.0_git20251220-r0, fixed 0.0.0_git20251220-r0

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized c

  • CVE-2025-59842 (Sep 26, 2025)
    affected < 0.0.0_git20251013-r0, fixed 0.0.0_git20251013-r0

    jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include t

  • CVE-2025-50182 (Jun 19, 2025)
    affected < 0.0.0_git20251013-r0, fixed 0.0.0_git20251013-r0

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpReque

  • CVE-2025-30167 (Jun 3, 2025)
    affected < 0.0.0_git20251013-r0, fixed 0.0.0_git20251013-r0

    Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow u

  • CVE-2025-47287 (May 15, 2025)
    affected < 0.0.0_git20251013-r0, fixed 0.0.0_git20251013-r0

    Tornado is a Python web framework and asynchronous networking library. When Tornado's `multipart/form-data` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high vo

  • CVE-2025-27516 (Mar 5, 2025)
    affected < 0.0.0_git20251013-r0, fixed 0.0.0_git20251013-r0

    Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker nee