CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

UbuntuCve•added 2026/05/13 4:16 p.m.•4 views

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.8AI score0.00029EPSS

Vulnrichment•added 2026/05/13 3:8 p.m.•3 views

CVE-2026-42266 JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.

8.8CVSS5.8AI score0.00029EPSS

Exploits0References4

OPENSUSE Linux•added 2026/05/13 12:0 a.m.•6 views

jupyter-jupyterlab-4.5.7-1.1 on GA media (moderate)

jupyter-jupyterlab-4.5.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:10748-1 Rating: moderate Cross-References: CVE-2026-40171 CVE-2026-42266 CVE-2026-42557 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all securi...

9.6CVSS5.8AI score0.00079EPSS

Exploits0

OSV•added 2026/05/11 5:42 a.m.•2 views

BIT-JUPYTERLAB-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

OSV•added 2026/05/11 5:41 a.m.•2 views

BIT-JUPYTER-BASE-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

OSV•added 2026/05/11 12:0 a.m.•3 views

OPENSUSE-SU-2026:10748-1 jupyter-jupyterlab-4.5.7-1.1 on GA media

These are all security issues fixed in the jupyter-jupyterlab-4.5.7-1.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS5.8AI score0.00079EPSS

Exploits0References3

Tenable Nessus•added 2026/05/08 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and...

8.4CVSS6.1AI score0.00059EPSS

Exploits0References3

OSV•added 2026/05/06 8:16 p.m.•2 views

DEBIAN-CVE-2026-40171

NVD•added 2026/05/06 8:16 p.m.•1 views

CVE-2026-40171

8.4CVSS0.00059EPSS

CVE•added 2026/05/06 7:36 p.m.•8 views

CVE-2026-40171

CVE-2026-40171 affects Jupyter components prior to fixes: Notebook 7.0.0–7.5.5, JupyterLab up to 4.5.6, and related help extensions (@jupyter-notebook/help-extension, @jupyterlab/help-extension). The root cause is a stored XSS in the CommandLinker used by the Help Extension, which can be chained ...

Cvelist•added 2026/05/06 7:36 p.m.•26 views

CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

8.4CVSS0.00059EPSS

ATTACKERKB•added 2026/05/06 7:36 p.m.•3 views

CVE-2026-40171

Exploits0References2Affected Software3

vulnersOsv•added 2026/04/30 5:25 p.m.•6 views

@fails-components/jupyter-applet-view (>=0.0.1-alpha.3 <=0.0.1-alpha.18), @fails-components/jupyter-filesystem-extension (>=0.0.1-alpha.3 <=0.0.1-alpha.18) +3 more potentially affected by CVE-2026-40171 via @jupyterlab/help-extension (>=4.0.13 <=4.4.10)

@jupyterlab/help-extension NPM version =4.0.13, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.2.0, =0.6.0-alpha.9 Source cves: CVE-2026-40171 Source advisory: SNYK:JS-JUPYTERLABHELPEXTENSION-16347193...

8.4CVSS5.8AI score0.00059EPSS

Exploits0

Positive Technologies•added 2026/04/30 12:0 a.m.•6 views

PT-2026-36305

Name of the Vulnerable Software and Affected Versions Jupyter Notebook versions prior to 7.5.6 JupyterLab versions prior to 4.5.7 Description A stored Cross-Site Scripting XSS issue allows attackers to steal authentication tokens from users who open malicious notebook files and interact with...

8.4CVSS6.1AI score0.00059EPSS

Exploits0References12

Veracode•added 2026/02/21 5:6 a.m.•3 views

Cross Site Scripting

distributed is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-controlled input in the Dask dashboard when accessed via Jupyter Lab and jupyter-server-proxy, allowing attackers to craft a malicious URL that triggers script execution and results in...

6.1CVSS6.1AI score0.00016EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/01/17 5:19 p.m.•4 views

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...

6.1CVSS6.7AI score0.00016EPSS

Tenable Nessus•added 2026/01/17 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter- server-proxy, and Dask distributed are all run together...

6.1CVSS5.8AI score0.00016EPSS

Exploits0References3

Snyk•added 2026/01/16 5:51 p.m.•2 views

Cross-site Scripting (XSS)

Overview distributed is a Distributed scheduler for Dask Affected versions of this package are vulnerable to Cross-site Scripting XSS via the interaction between Jupyter Lab, jupyter-server-proxy, and the Dask dashboard. An attacker can execute arbitrary code by enticing a user to click a phishin...

7.1CVSS6.4AI score0.00016EPSS

OSV•added 2026/01/16 5:15 p.m.•3 views

PYSEC-2026-169

6.1CVSS5.8AI score0.00016EPSS