VYPR Vendor CVEs: Jupyter

All CVEs

62 total · sorted by risk
  • CVE-2026-42557 · Critical · May 13, 2026
    risk 0.55 · cvss 9.6 · epss 0.00

    jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker…

  • CVE-2026-5422 · High · Jun 2, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator,…

  • CVE-2025-32428 · Critical · Apr 15, 2025
    risk 0.52 · cvss n/a · epss 0.01

    Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by…

  • CVE-2026-42266 · High · May 13, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced…

  • CVE-2026-35397 · High · May 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the…

  • CVE-2026-33175 · High · Apr 3, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to…

  • CVE-2026-40171 · High · May 6, 2026
    risk 0.48 · cvss n/a · epss 0.00

    In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be…

  • CVE-2024-37300 · High · Jun 12, 2024
    risk 0.46 · cvss 8.1 · epss 0.00

    OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with `GlobusOAuthenticator`, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub…

  • CVE-2023-5912 · Medium · Apr 5, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables.

  • CVE-2025-30370 · High · Apr 3, 2025
    risk 0.41 · cvss 7.4 · epss 0.01

    jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(). These directory names are allowed in macOS and a…

  • CVE-2026-6657 · Medium · Jun 3, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the…

  • CVE-2026-40110 · High · May 5, 2026
    risk 0.40 · cvss 7.3 · epss 0.00

    Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the…

  • CVE-2026-54528 · High · Jun 19, 2026
    risk 0.38 · cvss n/a · epss n/a

    Summary: `jupyterlab-git` 0.53.0 (latest, 2026-04-30) uses `fnmatch.fnmatchcase()` in `GitHandler.prepare()` (`jupyterlab_git/handlers.py:91`) to enforce the admin-configured `excluded_paths` security control. Because `fnmatchcase` is unconditionally case-sensitive, an…

  • CVE-2026-54527 · High · Jun 19, 2026
    risk 0.38 · cvss n/a · epss n/a

    Overview: Amazon Web Services (AWS) Security has identified a stored cross-site scripting (XSS) issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution (RCE). The issue exists in the PlainTextDiff.ts component, where the createHeader() method…

  • CVE-2025-23205 · Medium · Jan 17, 2025
    risk 0.38 · cvss n/a · epss 0.00

    nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration…

  • CVE-2026-40934 · Medium · May 5, 2026
    risk 0.37 · cvss 6.8 · epss 0.00

    Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their…

  • CVE-2026-39378 · Medium · Apr 21, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references.…

  • CVE-2026-39377 · Medium · Apr 21, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment…

  • CVE-2026-33709 · Medium · Apr 3, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are…

  • CVE-2026-34052 · Medium · Apr 3, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid…

  • CVE-2026-40864 · Medium · May 22, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection (updated in 4.1.0) inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The…

  • CVE-2026-6658 · Jun 27, 2026
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders `text/vnd.mermaid` cell output directly into HTML…

  • CVE-2025-53000 · Dec 17, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized…

  • CVE-2025-59842 · Sep 26, 2025
    risk 0.00 · cvss n/a · epss 0.00

    jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include…

  • CVE-2025-30167 · Jun 3, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow…

  • CVE-2023-25574 · Feb 25, 2025
    risk 0.00 · cvss n/a · epss 0.00

    `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a…

  • CVE-2024-43805 · Aug 28, 2024
    risk 0.00 · cvss n/a · epss 0.00

    jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.…

  • CVE-2024-41942 · Aug 8, 2024
    risk 0.00 · cvss n/a · epss 0.01

    JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively…

  • CVE-2024-39700 · Jul 16, 2024
    risk 0.00 · cvss n/a · epss 0.01

    JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged…

  • CVE-2024-35225 · Jun 11, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The `/proxy` endpoint…

  • CVE-2024-28233 · Mar 27, 2024
    risk 0.00 · cvss n/a · epss 0.00

    JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access…

  • CVE-2024-29033 · Mar 20, 2024
    risk 0.00 · cvss n/a · epss 0.01

    OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a…

  • CVE-2024-28179 · Mar 20, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets,…

  • CVE-2024-22420 · Jan 19, 2024
    risk 0.00 · cvss n/a · epss 0.01

    JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access…

  • CVE-2024-22421 · Jan 19, 2024
    risk 0.00 · cvss n/a · epss 0.01

    JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an…

  • CVE-2022-3431 · Oct 9, 2023
    risk 0.00 · cvss n/a · epss 0.00

    A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

  • CVE-2023-34419 · Aug 17, 2023
    risk 0.00 · cvss n/a · epss 0.00

    A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2023-4028 · Aug 17, 2023
    risk 0.00 · cvss n/a · epss 0.00

    A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2022-1890 · Jan 23, 2023
    risk 0.00 · cvss n/a · epss 0.00

    A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

  • CVE-2022-4020 · Nov 28, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

  • CVE-2022-39286 · Oct 26, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows…

  • CVE-2021-32862 · Aug 18, 2022
    risk 0.00 · cvss n/a · epss 0.01

    The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS)…

  • CVE-2022-29238 · Jun 14, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual…

  • CVE-2022-31027 · Jun 6, 2022
    risk 0.00 · cvss n/a · epss 0.00

    OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The…

  • CVE-2022-24758 · Mar 31, 2022
    risk 0.00 · cvss n/a · epss 0.01

    The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter…

  • CVE-2022-21697 · Jan 25, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is…

  • CVE-2021-41247 · Nov 4, 2021
    risk 0.00 · cvss n/a · epss 0.01

    JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not…

  • CVE-2021-41134 · Nov 3, 2021
    risk 0.00 · cvss n/a · epss 0.01

    nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the…

  • CVE-2021-39159 · Aug 25, 2021
    risk 0.00 · cvss n/a · epss 0.02

    BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with…

  • CVE-2021-32798 · Aug 9, 2021
    risk 0.00 · cvss n/a · epss 0.02

    The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an…

Page 1 of 2