Lucene search
K

9 matches found

NVD
NVD
added 2026/06/26 10:16 a.m.9 views

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS0.00134EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 10:16 a.m.4 views

UBUNTU-CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS6AI score0.00134EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 9:40 a.m.8 views

EUVD-2026-39642

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 9:40 a.m.6 views

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions = 7.17.0 allows for Cross-site Scripting XSS via unsanitized text/vnd.mermaid output in HTML exports. The datamermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling attacker...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/26 9:40 a.m.7 views

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS6.3AI score0.00134EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/22 1:37 a.m.8 views

SUSE CVE-2026-39377

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 12:0 a.m.2 views

OPENSUSE-SU-2026:10603-1 jupyter-nbconvert-7.17.1-1.1 on GA media

These are all security issues fixed in the jupyter-nbconvert-7.17.1-1.1 package on the GA media of openSUSE Tumbleweed...

8.5CVSS5.8AI score0.00306EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/21 1:16 a.m.8 views

CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

6.5CVSS5.8AI score0.00306EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 12:14 a.m.31 views

CVE-2026-39377 nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

6.5CVSS0.00266EPSS
Exploits0References2
Rows per page
Query Builder