348 matches found
GHSA-RM97-X556-Q36H vulnerabilities
Vulnerabilities for packages: py3-jupyterlab...
GHSA-M9RG-MR6G-75GM vulnerabilities
Vulnerabilities for packages: py3-jupyterlab...
CVE-2025-66648 vulnerabilities
Vulnerabilities for packages: py3-jupyterlab...
CVE-2025-59840 vulnerabilities
Vulnerabilities for packages: py3-jupyterlab...
GHSA-7F2V-3QQ3-VVJF vulnerabilities
Vulnerabilities for packages: py3-jupyterlab...
CVE-2024-21501 vulnerabilities
Vulnerabilities for packages: py3-jupyterlab...
OPENSUSE-SU-2026:11138-1 jupyter-jupyterlab-templates-0.5.3-2.1 on GA media
These are all security issues fixed in the jupyter-jupyterlab-templates-0.5.3-2.1 package on the GA media of openSUSE Tumbleweed...
Improper Handling of Case Sensitivity
Overview: jupyterlab-git is a JupyterLab extension for version control using git. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the prepare function due to improper enforcement of excluded directory paths on case-insensitive filesystems. An attacker...
Cross-site Scripting (XSS)
Overview: @jupyterlab/git is a JupyterLab extension for version control using git. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the createHeader method. An attacker can execute arbitrary JavaScript in another user's browser session by crafting a malicious...
GHSA-VMHF-C436-HXJ4 JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol
A malicious PyPI package can place a javascript: URL in its project.urls metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origi...
CVE-2026-54528
creationtimestamp | type | source
---|---|---
2026-06-18 07:12:50+00:00 | published-proof-of-concept | https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-436q-jwfr-rm2h...
CVE-2026-42557
A flaw was found in jupyterlab. This vulnerability allows a remote attacker to achieve arbitrary code execution by presenting a user with a specially crafted notebook containing a deceptive button in its pre-saved HTML cell output. When the user clicks this button, the CommandLinker component...
CVE-2026-42266
A flaw was found in JupyterLab, an extensible environment for interactive computing. The PyPI Extension Manager, responsible for installing extensions, failed to properly enforce its allow-list of approved extensions. This vulnerability allowed for the installation of unauthorized extensions from...
Linux Distros Unpatched Vulnerability : CVE-2026-42266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the...