VYPR

Notebook

by Jupyter

pypi: notebook

CVEs (17)

  • CVE-2026-42557 | Critical | May 13, 2026
    risk 0.55 | cvss 9.6 | epss 0.00

    JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker…

  • CVE-2026-40171 | High | May 6, 2026
    risk 0.48 | cvss (not listed) | epss 0.00

    In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be…

  • CVE-2023-5912 | Medium | Apr 5, 2024
    risk 0.44 | cvss 6.7 | epss 0.00

    A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables.

  • CVE-2022-3431 | Oct 9, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.

  • CVE-2023-34419 | Aug 17, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2023-4028 | Aug 17, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2022-1890 | Jan 23, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

  • CVE-2022-4020 | Nov 28, 2022
    risk 0.00 | cvss (not listed) | epss 0.00

    Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

  • CVE-2022-29238 | Jun 14, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual…

  • CVE-2022-24758 | Mar 31, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter…

  • CVE-2021-32798 | Aug 9, 2021
    risk 0.00 | cvss (not listed) | epss 0.02

    The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an…

  • CVE-2020-26215 | Nov 18, 2020
    risk 0.00 | cvss (not listed) | epss 0.01

    Jupyter Notebook before version 6.1.5 has an open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected; however, these maliciously crafted links can only be…

  • CVE-2019-10856 | Apr 4, 2019
    risk 0.00 | cvss (not listed) | epss 0.01

    In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

  • CVE-2019-10255 | Mar 28, 2019
    risk 0.00 | cvss (not listed) | epss 0.02

    An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url…

  • CVE-2019-9644 | Mar 12, 2019
    risk 0.00 | cvss (not listed) | epss 0.02

    An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer…

  • CVE-2015-7337 | Sep 29, 2015
    risk 0.00 | cvss (not listed) | epss 0.02

    The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.

  • CVE-2015-6938 | Sep 21, 2015
    risk 0.00 | cvss (not listed) | epss 0.03

    Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported…