Lucene search
K

369 matches found

Veracode
Veracode
added yesterday4 views

Arbitrary Command Execution

GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...

4.4CVSS6.3AI score0.00198EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-54528

A flaw was found in JupyterLab Git, a Git extension for JupyterLab. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, vi...

7.1CVSS6AI score0.00285EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59831

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS6.1AI score0.00198EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS0.00198EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-57006

Name of the Vulnerable Software and Affected Versions GitHub CLI gh versions 2.10.0 through 2.95.0 Description Connecting to a malicious Codespace using the gh codespace jupyter command can lead to command execution. This occurs because the tool opens a JupyterLab URL provided by a process within...

4.4CVSS6.1AI score0.00198EPSS
Exploits0References6
NVD
NVD
added 6 days ago7 views

CVE-2026-54527

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00284EPSS
Exploits1References3
NVD
NVD
added 6 days ago8 views

CVE-2026-54528

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00285EPSS
Exploits0References3
CVE
CVE
added 6 days ago26 views

CVE-2026-54528

Summary of vulnerability (CVE-2026-54528): The jupyterlab-git extension for JupyterLab is affected prior to version 0.54.0. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), the code path that enforces excluded_paths uses fnmatch.fnmatchcase(), which is case-sensitive and can be b...

7.1CVSS6AI score0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-54528 jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00285EPSS
Exploits0References3
CVE
CVE
added 6 days ago50 views

CVE-2026-54527

CVE-2026-54527 affects the jupyterlab-git extension. The PlainTextDiff.ts createHeader() renders renamed-file headers by directly inserting Git filenames into innerHTML, enabling stored XSS that can lead to remote code execution. Affected range is before 0.54.0, with fix released in 0.54.0. Explo...

9.3CVSS6AI score0.00284EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-54527 JupyterLab Git: Stored XSS leading to RCE

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00284EPSS
Exploits1References3
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1707 JupyterLab vulnerable to SXSS in Markdown Preview

Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

6.5CVSS6.8AI score0.00568EPSS
Exploits0References8
Chainguard
Chainguard
added 2026/07/02 8:22 p.m.13 views

GHSA-RM97-X556-Q36H vulnerabilities

Vulnerabilities for packages: py3-jupyterlab...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 8:22 p.m.11 views

GHSA-M9RG-MR6G-75GM vulnerabilities

Vulnerabilities for packages: py3-jupyterlab...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 8:22 p.m.13 views

CVE-2025-66648 vulnerabilities

Vulnerabilities for packages: py3-jupyterlab...

7.2CVSS5.8AI score0.00184EPSS
Exploits1
Chainguard
Chainguard
added 2026/07/02 8:22 p.m.20 views

CVE-2024-21501 vulnerabilities

Vulnerabilities for packages: py3-jupyterlab...

5.3CVSS6.6AI score0.01018EPSS
Exploits1
Chainguard
Chainguard
added 2026/07/02 8:22 p.m.13 views

CVE-2025-59840 vulnerabilities

Vulnerabilities for packages: py3-jupyterlab...

8.1CVSS6.6AI score0.00383EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/02 8:22 p.m.14 views

GHSA-7F2V-3QQ3-VVJF vulnerabilities

Vulnerabilities for packages: py3-jupyterlab...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/07/02 8:21 p.m.15 views

GHSA-RM97-X556-Q36H vulnerabilities

Vulnerabilities for packages: py3-jupyterlab...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/07/02 8:21 p.m.15 views

GHSA-7F2V-3QQ3-VVJF vulnerabilities

Vulnerabilities for packages: py3-jupyterlab...

5.8AI score
Exploits0
Rows per page
Query Builder