VYPR

Jupyterlab Git

by Jupyter

Source repositories

CVEs (3)

  • CVE-2025-30370HigApr 3, 2025
    risk 0.41cvss 7.4epss 0.01

    jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(). These directory names are allowed in macOS and a…

  • CVE-2026-54528higJun 19, 2026
    risk 0.38cvss epss 0.00

    ## Summary `jupyterlab-git` 0.53.0 (latest, 2026-04-30) uses `fnmatch.fnmatchcase()` in `GitHandler.prepare()` (`jupyterlab_git/handlers.py:91`) to enforce the admin-configured `excluded_paths` security control. Because `fnmatchcase` is unconditionally case-sensitive, an…

  • CVE-2026-54527higJun 19, 2026
    risk 0.38cvss epss 0.00

    Overview Amazon Web Services (AWS) Security has identified a stored cross-site scripting (XSS) issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution (RCE). The issue exists in the PlainTextDiff.ts component, where the createHeader() method…