52 matches found
DEBIAN-CVE-2026-12243
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...
JetBrains PyCharm 跨站脚本漏洞
JetBrains PyCharm is an integrated development environment IDE for Python language developed by the Czech company JetBrains. Versions of JetBrains PyCharm prior to 2025.3.4 contained a cross-site scripting vulnerability, which originated from Markdown cells in Jupyter notebooks, where a...
[SECURITY] Fedora 43 Update: python-jupytext-1.19.1-4.fc43
Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...
CVE-2026-39377
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...
UBUNTU-CVE-2026-39378
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
[SECURITY] Fedora 43 Update: python-jupytext-1.19.1-1.fc43
Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...
[SECURITY] Fedora 42 Update: python-jupytext-1.19.1-1.fc42
Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...
CVE-2022-0427
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
nbconvert 代码问题漏洞
nbconvert is a format conversion library organized by Jupyter. Converts Jupyter .ipynb notebook document files to another static format, including HTML, LaTeX, PDF, Markdown, and more. A code issue vulnerability exists in nbconvert 7.16.6 and earlier versions that stems from improper handling whe...
Code Execution in Jupyter Notebook Exports
After our research on Cursor , in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and...
EUVD-2021-13990
Malware in sbrugna...
EUVD-2022-15569
Malicious code in bioql PyPI...
CVE-2021-27225
In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users who have coding permissions to read and overwrite notebooks in projects that they are not authorized to access...
[SECURITY] Fedora 41 Update: python-nbdime-4.0.2-2.fc41
Nbdime provides tools for diffing and merging of Jupyter notebooks. - nbdiff: compare notebooks in a terminal-friendly way - nbmerge: three-way merge of notebooks with automatic conflict resolution - nbdiff-web: shows you a rich rendered diff of notebooks - nbmerge-web: gives you a web-based...
[SECURITY] Fedora 40 Update: python-nbdime-4.0.2-2.fc40
Nbdime provides tools for diffing and merging of Jupyter notebooks. - nbdiff: compare notebooks in a terminal-friendly way - nbmerge: three-way merge of notebooks with automatic conflict resolution - nbdiff-web: shows you a rich rendered diff of notebooks - nbmerge-web: gives you a web-based...
Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts
Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions...
Security Bulletin: Cross Site Scripting Vulnerability Affects IBM Watson Studio Local
Summary Cross Site Scripting Vulnerability Affects IBM Watson Studio Local Jupyter notebooks. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2024-49340 DESCRIPTION: IBM Watson Studio Local is vulnerable to cross-site request forgery which could allow an attacker to execut...
CVE-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...
BIT-GITLAB-2022-0427
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
BIT-JUPYTERHUB-2021-41247 incomplete logout in JupyterHub
JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...