Bitnami package
jupyter-notebook
pkg:bitnami/jupyter-notebook
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42557 | Cri | 9.6 | >= 7.0.0, < 7.5.6 | 7.5.6 | May 13, 2026 | jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker li | |
| CVE-2026-40171 | Hig | — | >= 7.0.0, < 7.5.6 | 7.5.6 | May 6, 2026 | In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be ch | |
| CVE-2024-43805 | — | >= 7.0.0, < 7.2.2 | 7.2.2 | Aug 28, 2024 | jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A | ||
| CVE-2024-22420 | — | >= 7.0.0, < 7.0.7 | 7.0.7 | Jan 19, 2024 | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access an | ||
| CVE-2024-22421 | — | >= 7.0.0, < 7.0.7 | 7.0.7 | Jan 19, 2024 | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an olde | ||
| CVE-2022-29238 | — | < 6.4.12 | 6.4.12 | Jun 14, 2022 | Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual h | ||
| CVE-2022-24758 | — | < 6.4.10 | 6.4.10 | Mar 31, 2022 | The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter ser | ||
| CVE-2021-32798 | — | >= 5.7.0, < 5.7.11 | 5.7.11 | Aug 9, 2021 | The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an | ||
| CVE-2020-26215 | — | < 6.1.5 | 6.1.5 | Nov 18, 2020 | Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasona |
- affected >= 7.0.0, < 7.5.6fixed 7.5.6
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker li
- affected >= 7.0.0, < 7.5.6fixed 7.5.6
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be ch
- CVE-2024-43805Aug 28, 2024affected >= 7.0.0, < 7.2.2fixed 7.2.2
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A
- CVE-2024-22420Jan 19, 2024affected >= 7.0.0, < 7.0.7fixed 7.0.7
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access an
- CVE-2024-22421Jan 19, 2024affected >= 7.0.0, < 7.0.7fixed 7.0.7
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an olde
- CVE-2022-29238Jun 14, 2022affected < 6.4.12fixed 6.4.12
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual h
- CVE-2022-24758Mar 31, 2022affected < 6.4.10fixed 6.4.10
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter ser
- CVE-2021-32798Aug 9, 2021affected >= 5.7.0, < 5.7.11fixed 5.7.11
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an
- CVE-2020-26215Nov 18, 2020affected < 6.1.5fixed 6.1.5
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasona