Lucene search

1259 matches found

Chainguard
added 2026/05/06 7:17 p.m., 8 views

CVE-2026-41205 vulnerabilities

Vulnerabilities for packages: dagster-fips, airflow, mlflow, prefect-fips, dagster, jupyter-base-notebook, superset, nemo, pgadmin4-fips, airflow-core, open-webui...

CVSS 8.7 | AI score 5.4 | EPSS 0.00093
Exploits: 0
RedhatCVE
added 2026/05/06 2:21 p.m., 4 views

CVE-2026-7810

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | AI score 5.5 | EPSS 0.00066
Exploits: 0 | References: 1
Wolfi
added 2026/05/06 1:48 p.m., 11 views

CVE-2026-41205 vulnerabilities

Vulnerabilities for packages: open-webui, mlflow, superset, airflow, jupyter-base-notebook...

CVSS 8.7 | AI score 5.4 | EPSS 0.00093
Exploits: 0
CNNVD
added 2026/05/06 12:0 a.m., 6 views

Jupyter Multiple Products Cross-Site Scripting Vulnerability

Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...

CVSS 8.4 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-38276

Name of the Vulnerable Software and Affected Versions: JupyterLab versions prior to 4.5.7; Jupyter Notebook versions prior to 7.5.6. Description: The HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements. Because CommandLinker listens for all click events...

CVSS 9.6 | AI score 6.1 | EPSS 0.00079
Exploits: 0 | References: 19
EUVD
added 2026/05/05 6:31 a.m., 4 views

EUVD-2026-27211

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | AI score 6.8 | EPSS 0.00066
Exploits: 0 | References: 6
NVD
added 2026/05/05 4:16 a.m., 14 views

CVE-2026-7810

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | EPSS 0.00066
Exploits: 0 | References: 5
Cvelist
added 2026/05/05 3:45 a.m., 33 views

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | EPSS 0.00066
Exploits: 0 | References: 5
CVE
added 2026/05/05 3:45 a.m., 19 views

CVE-2026-7810

CVE-2026-7810 affects UsamaK98 python-notebook-mcp (server.py) with path traversal in create_notebook/read_notebook/edit_cell/add_cell. Root cause: manipulation in server.py enables remote attack. Exploit published and may be used; no product version details due to rolling-release approach. CVSS ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00066
Exploits: 0 | References: 5
Vulnrichment
added 2026/05/05 3:45 a.m., 4 views

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | AI score 6.8 | EPSS 0.00066
Exploits: 0 | References: 5
ATTACKERKB
added 2026/05/05 3:45 a.m., 0 views

CVE-2026-7810

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | AI score 6.8 | EPSS 0.00066
Exploits: 0 | References: 5
CNNVD
added 2026/05/05 12:0 a.m., 9 views

Python Notebook MCP Path Traversal Vulnerability

Python Notebook MCP is an interactive tool developed by Usama Khatab, allowing AI assistants to operate Jupyter notebooks. Python Notebook MCP has a path traversal vulnerability, which stems from issues with the functions create_notebook/read_notebook/edit_cell/add_cell in the file server.py,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00066
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/05 12:0 a.m., 4 views

PT-2026-36970

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The explo...

CVSS 7.5 | AI score 6.8 | EPSS 0.00066
Exploits: 0 | References: 6
Snyk
added 2026/04/30 5:25 p.m., 3 views

Open Redirect

Overview: jupyterlab is a JupyterLab computational environment. Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens and gain unauthorized access to user accounts by convincing a user to open a malicious notebook...

CVSS 8.8 | AI score 6 | EPSS 0.00059
Exploits: 0 | References: 3
Github Security Blog
added 2026/04/30 5:25 p.m., 6 views

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Impact: A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). T...

CVSS 8.4 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 4 | Affected Software: 4
vulnersOsv
added 2026/04/30 5:25 p.m., 4 views

a-mailx (=0.1.0), aaa-ml-datasets-course (=1.0.0) +105 more potentially affected by CVE-2026-40171 via notebook (>=7.0.0 <=7.5.5)

notebook PYPI version =7.0.0, =0.0.7, =1.0.1, =0.1.0, =1.6.4, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =0.1.8, =0.0.2, =0.0.6 - compare-my-stocks =1.0.5 and more Source cves: CVE-2026-40171 Source advisory: SNYK:PYTHON-NOTEBOOK-16347195...

CVSS 8.4 | AI score 5.4 | EPSS 0.00059
Exploits: 0
vulnersOsv
added 2026/04/30 5:25 p.m., 3 views

a-mailx (=0.1.0), aaa-ml-datasets-course (=1.0.0) +105 more potentially affected by CVE-2026-40171 via notebook (>=7.0.0 <=7.5.5)

notebook PYPI version =7.0.0, =0.0.7, =1.0.1, =0.1.0, =1.6.4, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =0.1.8, =0.0.2, =0.0.6 - compare-my-stocks =1.0.5 and more Source cves: CVE-2026-40171 Source advisory: OSV:GHSA-RCH3-82JR-F9W9...

CVSS 8.4 | AI score 5.4 | EPSS 0.00059
Exploits: 0
Snyk
added 2026/04/30 5:25 p.m., 1 views

Open Redirect

Overview: @jupyter-notebook/help-extension is a Jupyter Notebook - Help Extension. Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens and gain unauthorized access to user accounts by convincing a user to open a...

CVSS 8.8 | AI score 6 | EPSS 0.00059
Exploits: 0 | References: 3
OSV
added 2026/04/30 5:25 p.m., 7 views

GHSA-RCH3-82JR-F9W9 Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Impact: A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). T...

CVSS 8.4 | AI score 6 | EPSS 0.00059
Exploits: 0 | References: 4
Snyk
added 2026/04/30 5:25 p.m., 6 views

Open Redirect

Overview: notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens a...

CVSS 8.8 | AI score 6 | EPSS 0.00059
Exploits: 0 | References: 3