Open Notebook
by Lfnovo
CVEs (4)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33587 | Critical | 0.65 | 10.0 | 0.00 | | May 7, 2026 | Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the Docker container via Server-Side Template Injection (SSTI) for user-created transformations. |
| CVE-2026-33588 | High | 0.53 | 8.1 | 0.00 | | May 7, 2026 | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the Docker container via path traversal. |
| CVE-2026-28201 | High | 0.51 | 7.8 | 0.00 | | May 7, 2026 | Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible. |
| CVE-2026-33589 | Medium | 0.42 | 6.5 | 0.00 | | May 7, 2026 | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access the content of local files on the Docker container via path traversal. |