VYPR

Bitnami package

jupyter-notebook

pkg:bitnami/jupyter-notebook

Vulnerabilities (9)

  • CVE-2026-42557CriMay 13, 2026
    affected >= 7.0.0, < 7.5.6fixed 7.5.6

    jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker li

  • CVE-2026-40171HigMay 6, 2026
    affected >= 7.0.0, < 7.5.6fixed 7.5.6

    In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be ch

  • CVE-2024-43805Aug 28, 2024
    affected >= 7.0.0, < 7.2.2fixed 7.2.2

    jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A

  • CVE-2024-22420Jan 19, 2024
    affected >= 7.0.0, < 7.0.7fixed 7.0.7

    JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access an

  • CVE-2024-22421Jan 19, 2024
    affected >= 7.0.0, < 7.0.7fixed 7.0.7

    JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an olde

  • CVE-2022-29238Jun 14, 2022
    affected < 6.4.12fixed 6.4.12

    Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual h

  • CVE-2022-24758Mar 31, 2022
    affected < 6.4.10fixed 6.4.10

    The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter ser

  • CVE-2021-32798Aug 9, 2021
    affected >= 5.7.0, < 5.7.11fixed 5.7.11

    The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an

  • CVE-2020-26215Nov 18, 2020
    affected < 6.1.5fixed 6.1.5

    Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasona