VYPR

Nbconvert

by Jupyter

pypi: nbconvert

Source repositories

CVEs (5)

  • CVE-2026-39378MedApr 21, 2026
    risk 0.35cvss 6.5epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references.…

  • CVE-2026-39377MedApr 21, 2026
    risk 0.35cvss 6.5epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment…

  • CVE-2026-6658Jun 27, 2026
    risk 0.00cvss epss 0.00

    A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders `text/vnd.mermaid` cell output directly into HTML…

  • CVE-2025-53000Dec 17, 2025
    risk 0.00cvss epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized…

  • CVE-2021-32862Aug 18, 2022
    risk 0.00cvss epss 0.01

    The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS)…