jupyterhub

Top products

The 15 most recently published vulnerabilities affecting jupyterhub.

• CVE-2026-40864JupyterHub: Cross-origin form POSTs bypass XSRF5.4May 22, 2026
• CVE-2026-34052LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)5.9Apr 3, 2026
• CVE-2026-33175OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims8.8Apr 3, 2026
• CVE-2025-32428Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX socket as intended9.6Apr 14, 2025
• CVE-2023-25574JupyterHub's LTI13Authenticator: JWT signature not validated10.0Feb 25, 2025
• CVE-2024-41942JupyterHub has a privilege escalation vulnerability with the `admin:users` scope7.2Aug 8, 2024
• CVE-2024-37300Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.08.1Jun 12, 2024
• CVE-2024-35225Jupyter Server Proxy has a reflected XSS issue in host parameter9.6Jun 11, 2024
• CVE-2024-28233XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing8.1Mar 27, 2024
• CVE-2024-29033GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace7.5Mar 20, 2024
• CVE-2024-28179Jupyter Server Proxy's Websocket Proxying does not require authentication9.0Mar 20, 2024
• CVE-2023-48311Any image allowed by default8.0Dec 8, 2023
• CVE-2022-31027Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator4.2Jun 6, 2022
• CVE-2022-21697SSRF vulnerability (requires authentication)6.3Jan 25, 2022
• CVE-2021-41247incomplete logout in JupyterHub3.5Nov 4, 2021