VYPR

apk package

chainguard/tensorflow-gpu-jupyter

pkg:apk/chainguard/tensorflow-gpu-jupyter

Vulnerabilities (38)

  • CVE-2026-44727 | Critical | Jun 18, 2026
    affected: < 2.21.0-r6, fixed: 2.21.0-r6

    The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`. Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML payloa

  • CVE-2026-49854 | Low | Jun 12, 2026
    affected: < 2.21.0-r5, fixed: 2.21.0-r5

    Tornado's optional native extension `tornado.speedups` implements `websocket_mask` without validating that the `mask` argument is exactly four bytes long. The C function reads four bytes from `mask` unconditionally, even when Python passes a shorter byte string. This

  • CVE-2026-45409 | Medium | Jun 5, 2026
    affected: < 2.21.0-r6, fixed: 2.21.0-r6

    Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t

  • CVE-2026-44432 | High | May 13, 2026
    affected: < 2.21.0-r6, fixed: 2.21.0-r6

    urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w

  • CVE-2026-44431 | Medium | May 13, 2026
    affected: < 2.21.0-r6, fixed: 2.21.0-r6

    urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

  • CVE-2026-40171 | High | May 6, 2026
    affected: < 2.21.0-r2, fixed: 2.21.0-r2

    In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be ch

  • CVE-2026-6357 | Medium | Apr 27, 2026
    affected: < 2.21.0-r4, fixed: 2.21.0-r4

    pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update funct

  • CVE-2026-39378 | Medium | Apr 21, 2026
    affected: < 2.21.0-r3, fixed: 2.21.0-r3

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references.

  • CVE-2026-39377 | Medium | Apr 21, 2026
    affected: < 2.21.0-r3, fixed: 2.21.0-r3

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment

  • CVE-2026-3219 | Medium | Apr 20, 2026
    affected: < 2.21.0-r4, fixed: 2.21.0-r4

    pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior

  • CVE-2026-25645 | Mar 25, 2026
    affected: < 2.21.0-r2, fixed: 2.21.0-r2

    Requests is an HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without valid

  • CVE-2026-4539 | Low | Mar 22, 2026
    affected: < 2.21.0-r2, fixed: 2.21.0-r2

    A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit

  • CVE-2026-31958 | High | Mar 11, 2026
    affected: < 2.21.0-r1, fixed: 2.21.0-r1

    Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this cre

  • CVE-2026-27199 | Feb 21, 2026
    affected: < 2.20.0-r11, fixed: 2.20.0-r11

    Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account f

  • CVE-2026-1669 | Feb 11, 2026
    affected: < 2.20.0-r10, fixed: 2.20.0-r10

    Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset

  • CVE-2026-25990 | High | Feb 11, 2026
    affected: < 2.20.0-r10, fixed: 2.20.0-r10

    Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

  • CVE-2026-1703 | Low | Feb 2, 2026
    affected: < 2.20.0-r9, fixed: 2.20.0-r9

    When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situat

  • CVE-2026-0994 | High | Jan 23, 2026
    affected: < 2.20.0-r9, fixed: 2.20.0-r9

    A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling l

  • CVE-2026-24049 | Jan 22, 2026
    affected: < 2.20.0-r8, fixed: 2.20.0-r8

    wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the fil

  • CVE-2026-23949 | Jan 20, 2026
    affected: < 2.20.0-r8, fixed: 2.20.0-r8

    jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow atta

Page 1 of 2