Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting jupyter.
- CVE-2026-6657CORS Origin Validation Bypass in jupyter-server6.1
- CVE-2026-5422Path Traversal in jupyter/jupyter8.1
- CVE-2026-40864JupyterHub: Cross-origin form POSTs bypass XSRF5.4
- CVE-2026-42266JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.8.8
- CVE-2026-42557jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content9.6
- CVE-2026-40934jupyter-server authentication cookies remain valid after password reset due to static cookie secret6.8
- CVE-2026-40110jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat7.3
- CVE-2026-35397jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix8.8
- CVE-2025-61669jupyter_server next parameter open redirect can redirect users to external domains6.1
- CVE-2026-39378nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding6.5
- CVE-2026-39377nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames6.5
- CVE-2026-34052LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)5.9
- CVE-2026-33175OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims8.8
- CVE-2025-53000nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows7.8
- CVE-2025-59842JupyterLab LaTeX typesetter links did not enforce `noopener` attribute4.3