1238 matches found
GHSA-9MVJ-F7W8-PVH2 vulnerabilities
Vulnerabilities for packages: jupyter-base-notebook, rancher-api-ui...
CVE-2024-6484 vulnerabilities
Vulnerabilities for packages: jupyter-base-notebook, rancher-api-ui...
EUVD-2025-203957
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows...
CVE-2025-53000
A flaw was found in nbconvert, specifically in the jupyter nbconvert tool on Windows. A third party can exploit this vulnerability by creating a malicious inkscape.bat file in a directory. When a user then converts a Jupyter notebook containing SVG output to a PDF from this directory, the malicio...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...
CVE-2025-53000
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...
Code Execution in Jupyter Notebook Exports
After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and...
CVE-2025-63848
Stored cross site scripting xss vulnerability in SWISH prolog thru 2.2.0 allowing attackers to execute arbitrary code via crafted web IDE notebook...
EUVD-2025-198293
Stored cross site scripting xss vulnerability in SWISH prolog thru 2.2.0 allowing attackers to execute arbitrary code via crafted web IDE notebook...
PT-2025-47605
Name of the Vulnerable Software and Affected Versions SWISH prolog versions through 2.2.0 Description A stored cross site scripting issue exists in SWISH prolog through version 2.2.0. This allows attackers to execute arbitrary code through a specially crafted web IDE notebook. The issue involves...
CVE-2025-63848
The CVE-2025-63848 entry describes a stored XSS vulnerability in SWISH (SWI‑Prolog SWISH Web IDE) up to version 2.2.0. The issue allows an attacker to execute arbitrary code via a crafted notebook in the Web IDE, indicating code execution impact tied to the web interface. Affected component: SWIS...
Fedora: Security Advisory (FEDORA-2025-7472c8fb5c)
The remote host is missing an update for the...
PT-2025-44056
Name of the Vulnerable Software and Affected Versions eLabFTW versions prior to 5.3.0 Description eLabFTW, an electronic lab notebook, allowed the serving of uploaded SVG files inline. Due to SVG’s support for active content, a malicious SVG file could be uploaded and executed when viewed, leadin...
ROS-20251020-02
Jupyter Core vulnerability in Jupyter Notebook interactive development and code execution environment is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information, download and execute code. remotely, disclo...