Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how jupyter compares to other vendors in security performance

View Risk Score →

pip/jupyter-serverjupyter-server authentication cookies remain valid after password reset due to static cookie secret

Risk 56
Severity
7.6
First published (updated )
CVE-2026-40934

pip/jupyter-serverjupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat

Risk 63
Severity
7.6
First published (updated )
CVE-2026-40110

pip/jupyter-serverjupyter-server path traversal allows access to sibling directories sharing root_dir name prefix

Risk 79
Severity
7.6
First published (updated )
CVE-2026-35397

pypi/jupyter_serverjupyter_server next parameter open redirect can redirect users to external domains

Risk 39
Severity
6.3
First published (updated )
CVE-2025-61669

pypi/nbconvertnbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding

Risk 37
Severity
6.5
First published (updated )
CVE-2026-39378
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

pypi/nbconvertnbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames

Risk 37
Severity
6.5
First published (updated )
CVE-2026-39377

pip/jupyterhub-ltiauthenticatorLTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

Risk 35
Severity
5.9
First published (updated )
CVE-2026-34052

pip/jupyterhubJupyterHub has an Open Redirect Vulnerability

Risk 38
Severity
5.1
First published (updated )
CVE-2026-33709

pip/oauthenticatorOAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims

Risk 79
Severity
8.8
First published (updated )
CVE-2026-33175

pypi/nbconvertnbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

Risk 72
Severity
8.5
First published (updated )
CVE-2025-53000
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

pip/jupyterlabJupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Risk 22
Severity
4.3
First published (updated )
CVE-2025-59842

jupyter JupyterLabJupyterLab Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Risk 38
First published (updated )
Advisory
ZDI-25-339

Project Jupyter Jupyter CoreJupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Risk 64
Severity
7.3
First published (updated )
CVE-2025-30167

pip/jupyterhub-ltiauthenticatorJupyterHub's LTI13Authenticator: JWT signature not validated

Risk 87
Severity
10
First published (updated )
CVE-2023-25574

pip/jupyterlabHTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

Risk 60
Severity
7.6
First published (updated )
CVE-2024-43805
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

jupyter JupyterHubJupyterHub has a privilege escalation vulnerability with the `admin:users` scope

Risk 69
Severity
7.2
First published (updated )
CVE-2024-41942

Project Jupyter JupyterLab extension templateRemote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

Risk 83
Severity
10
First published (updated )
CVE-2024-39700

pip/jupyter-server-proxyJupyter Server Proxy has a reflected XSS issue in host parameter

Risk 84
Severity
9.7
First published (updated )
CVE-2024-35225

pip/jupyter_serverJupyter server on Windows discloses Windows user password hash

Risk 45
Severity
7.5
First published (updated )
CVE-2024-35178

pip/jupyterhubXSS in JupyterHub via Self-XSS leveraged by Cookie Tossing

Risk 43
Severity
8.1
EPSS
0.04%
First published (updated )
CVE-2024-28233
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

pip/oauthenticatorGoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace

Risk 48
Severity
9.1
EPSS
0.04%
First published (updated )
CVE-2024-29033

pip/jupyter-server-proxyJupyter Server Proxy's Websocket Proxying does not require authentication

Risk 62
Severity
9.8
EPSS
0.04%
First published (updated )
CVE-2024-28179

pip/jupyterlabPotential authentication and CSRF tokens leak in JupyterLab

Risk 42
Severity
7.6
EPSS
0.06%
First published (updated )
CVE-2024-22421

pip/notebookStored cross site scripting in Markdown Preview in JupyterLab

Risk 28
Severity
6.5
EPSS
0.05%
First published (updated )
CVE-2024-22420

jupyter Language Server Protocol Integration JupyterUnsecured endpoints in the jupyter-lsp server extension

Risk 62
Severity
9.8
EPSS
0.09%
First published (updated )
CVE-2024-22415
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

jupyter dockerspawnerAny image allowed by default

Risk 73
Severity
8
First published (updated )
CVE-2023-48311

IBM Watson Studio on Cloud Pak for DataJupyter Server errors include tracebacks with path information

Risk 23
Severity
4.3
First published (updated )
CVE-2023-49080

pip/jupyter-serverOpen Redirect Vulnerability in jupyter-server

Risk 39
Severity
6.1
First published (updated )
CVE-2023-39968

pip/jupyter-servercross-site inclusion (XSSI) of files in jupyter-server

Risk 38
Severity
6.1
First published (updated )
CVE-2023-40170

debian/jupyter-coreExecution with Unnecessary Privileges in JupyterApp

Risk 82
Severity
8.8
First published (updated )
CVE-2022-39286
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203