12 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0...
CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
Cross-site Request Forgery (CSRF)
Overview: jupyterhub is a multi-user server for Jupyter notebooks. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the handling of HTTP form endpoints when requests with the Sec-Fetch-Mode: no-cors header are incorrectly treated as same-origin,...
BIT-JUPYTERHUB-2026-33709 JupyterHub has an Open Redirect Vulnerability
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an...
EUVD-2021-0104
Malware in sbrugna...
Improper JWT Signature Validation
jupyterhub-ltiauthenticator is vulnerable to improper JWT signature validation. The vulnerability is due to missing JWT signature validation in LTI13Authenticator, allowing forged authentication requests to be accepted...
conda-store (>=2024.6.1 <=2024.11.2), cylc-uiserver (>=0.1.0 <=0.3.0) +13 more potentially affected by CVE-2024-41942 via jupyterhub (>=0.8.1 <=4.0.2)
jupyterhub PYPI version =0.8.1, =2024.6.1, =0.1.0, =0.0.4, =1.3.7, =1.0.0, =0.2.0, =0.1.0, =0.0.0, =0.1.0, =0.10.0, =0.2.25, =0.0.1, =0.1.0, =0.0.2, =0.0.9 Source cves: CVE-2024-41942 Source advisory: OSV:PYSEC-2024-200...
pythoncharmers-meta (>=0.1.0 <=0.2.1) potentially affected by CVE-2024-41942 via jupyterhub (=5.0.0b2)
jupyterhub PYPI version =5.0.0b2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyterhub and may be impacted: - pythoncharmers-meta =0.1.0, =0.2.1 Source cves: CVE-2024-41942 Source advisory: OSV:GHSA-9X4Q-3GXW-849F...
conda-store (>=2024.6.1 <=2024.11.2), cylc-uiserver (>=0.1.0 <=0.3.0) +13 more potentially affected by CVE-2024-28233 via jupyterhub (>=0.8.1 <=4.0.2)
jupyterhub PYPI version =0.8.1, =2024.6.1, =0.1.0, =0.0.4, =1.3.7, =1.0.0, =0.2.0, =0.1.0, =0.0.0, =0.1.0, =0.10.0, =0.2.25, =0.0.1, =0.1.0, =0.0.2, =0.0.9 Source cves: CVE-2024-28233 Source advisory: OSV:GHSA-7R3H-4PH8-W38G...
PT-2024-22348
Name of the Vulnerable Software and Affected Versions: JupyterHub versions prior to 4.1.0 Description: The issue allows an attacker to achieve an XSS directly affecting a user's session by tricking them into visiting a malicious subdomain. This could lead to full access to the JupyterHub API and...
JupyterHub Code Issue Vulnerability
JupyterHub is a multi-user server for Jupyter. A security vulnerability exists in JupyterHub that stems from the fact that in affected versions, users with multiple JupyterLab tabs open in the same browser session may see an incomplete logout from a single-user server because the new credentials...
jhub-shibboleth-auth (>=1.0.0 <=1.4.0) potentially affected by CVE-2019-10255 via jupyterhub (>=0.8.1 <=0.9.4)
jupyterhub PYPI version =0.8.1, =1.0.0, =1.4.0 Source cves: CVE-2019-10255 Source advisory: OSV:GHSA-RV62-4PMJ-XW6H...