Jupyter Server
Products
3- 12 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44727 | cri | 0.52 | — | 0.00 | Jun 18, 2026 | The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`. Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML… | ||
| CVE-2026-44182 | cri | 0.52 | — | 0.00 | Jun 3, 2026 | ### Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like `securityContext` and inject multi-document YAML to create additional unintended Kubernetes resources. ###… | ||
| CVE-2026-44181 | cri | 0.52 | — | 0.01 | Jun 3, 2026 | ### Summary The environment variables (`KERNEL_XXX`) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise… | ||
| CVE-2026-44180 | cri | 0.52 | — | 0.00 | Jun 3, 2026 | ### Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted `KERNEL_UID` or… | ||
| CVE-2026-35397 | Hig | 0.50 | 8.8 | 0.01 | May 5, 2026 | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the… | ||
| CVE-2026-40110 | Hig | 0.40 | 7.3 | 0.00 | May 5, 2026 | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the… | ||
| CVE-2026-40934 | Med | 0.37 | 6.8 | 0.00 | May 5, 2026 | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their… | ||
| CVE-2025-61669 | Med | 0.33 | 6.1 | 0.00 | May 5, 2026 | Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values… | ||
| CVE-2024-28188 | Med | 0.27 | 5.3 | 0.00 | May 23, 2024 | Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of `jupyter-scheduler` users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This… | ||
| CVE-2024-35178 | 0.00 | — | 0.01 | Jun 6, 2024 | The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain… | |||
| CVE-2023-49080 | 0.00 | — | 0.01 | Dec 4, 2023 | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can… | |||
| CVE-2023-39968 | 0.00 | — | 0.01 | Aug 28, 2023 | jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter… | |||
| CVE-2023-40170 | 0.00 | — | 0.01 | Aug 28, 2023 | jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in… | |||
| CVE-2022-29241 | 0.00 | — | 0.01 | Jun 14, 2022 | Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the… | |||
| CVE-2022-24757 | 0.00 | — | 0.01 | Mar 23, 2022 | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other… | |||
| CVE-2020-26275 | 0.00 | — | 0.01 | Dec 21, 2020 | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect… |
- risk 0.52cvss —epss 0.00
The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`. Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML…
- risk 0.52cvss —epss 0.00
### Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like `securityContext` and inject multi-document YAML to create additional unintended Kubernetes resources. ###…
- risk 0.52cvss —epss 0.01
### Summary The environment variables (`KERNEL_XXX`) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise…
- risk 0.52cvss —epss 0.00
### Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted `KERNEL_UID` or…
- risk 0.50cvss 8.8epss 0.01
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the…
- risk 0.40cvss 7.3epss 0.00
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the…
- risk 0.37cvss 6.8epss 0.00
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their…
- risk 0.33cvss 6.1epss 0.00
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values…
- risk 0.27cvss 5.3epss 0.00
Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of `jupyter-scheduler` users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This…
- CVE-2024-35178Jun 6, 2024risk 0.00cvss —epss 0.01
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain…
- CVE-2023-49080Dec 4, 2023risk 0.00cvss —epss 0.01
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can…
- CVE-2023-39968Aug 28, 2023risk 0.00cvss —epss 0.01
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter…
- CVE-2023-40170Aug 28, 2023risk 0.00cvss —epss 0.01
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in…
- CVE-2022-29241Jun 14, 2022risk 0.00cvss —epss 0.01
Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the…
- CVE-2022-24757Mar 23, 2022risk 0.00cvss —epss 0.01
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other…
- CVE-2020-26275Dec 21, 2020risk 0.00cvss —epss 0.01
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect…