1255 matches found

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-38654 Malicious code in vscode-notebook-renderer (npm)

The package vscode-notebook-renderer was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 065f8a29b916aea70aa9f29ac9cde574ebd734c0cd450699387684aa7e3d60fa This package installs a dependency hosted on a custom domain tha...

6.9 AI score
Exploits: 0, References: 1

Wolfi
added 2025/08/13 7:47 a.m., 2 views

GHSA-PWQ7-2GVJ-VG9V vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter...

7.5 AI score
Exploits: 0

Snyk
added 2025/08/03 12:30 p.m., 2 views

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets. When using a terminal interpreter (i.e. %sh.terminal) in an Apache Zeppelin notebook, a WebSocket server is spawned on a random port. This server does not implement an origin check and as such is...

7.5 CVSS, 7.4 AI score, 0.00205 EPSS
Exploits: 0, References: 2

Snyk
added 2025/08/03 12:30 p.m., 1 view

Cross-site Scripting (XSS)

Overview org.apache.zeppelin:zeppelin-web is a web-based notebook. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient input validation in the Helium module. An attacker can execute arbitrary scripts in the context of the user's browser by injecting...

6.1 CVSS, 5.5 AI score, 0.01329 EPSS
Exploits: 1, References: 2

Packet Storm News
added 2025/07/24 12:0 a.m., 2 views

Exploring the Jupyter Ecosystem: an Empirical Study of Bugs and Vulnerabilities

Background. Jupyter notebooks are one of the main tools used by data scientists. Notebooks include features (configuration scripts, markdown, images, etc.) that make them challenging to analyze compared to traditional software. As a result, existing software engineering models, tools, and studies d...

7 AI score
Exploits: 0

OSV
added 2025/07/22 6:30 p.m., 3 views

GHSA-H7X8-JV97-FVVM Dagster Local File Inclusion vulnerability

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

6.6 CVSS, 6 AI score, 0.00126 EPSS
Exploits: 1, References: 6

Snyk
added 2025/07/22 5:43 p.m., 2 views

Directory Traversal

Overview Dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to Directory Traversal via the getnotebookdata function in the grpc/impl.py file, which checks path validation only if the...

8.7 CVSS, 7.7 AI score, 0.00126 EPSS
Exploits: 1, References: 2

OSV
added 2025/07/22 5:15 p.m., 2 views

PYSEC-2025-102

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

6.6 CVSS, 5.9 AI score, 0.00126 EPSS
Exploits: 1, References: 3

OSV
added 2025/07/22 5:15 p.m., 4 views

CVE-2025-51481

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

6.6 CVSS, 6.9 AI score, 0.00126 EPSS
Exploits: 1, References: 3

PyPA
added 2025/07/22 5:15 p.m., 9 views

PYSEC-2025-102

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

6.6 CVSS, 5.9 AI score, 0.00126 EPSS
Exploits: 1, References: 3, Affected Software: 1

CNNVD
added 2025/07/22 12:0 a.m., 3 views

Dagster path traversal vulnerability

Dagster is an open source orchestration platform for developing, producing and observing data assets. A security vulnerability exists in Dagster version 1.10.14, which stems from a path traversal sequence in the notebookpath field that can bypass extension-based checks and lead to the...

6.6 CVSS, 6.6 AI score, 0.00126 EPSS
Exploits: 1, References: 4

Hacker One
added 2025/06/25 2:34 a.m., 11 views

SingleStore: IDOR - Scheduled data leak to other accounts By "projectID"

The Insecure Direct Object Reference (IDOR) vulnerability was discovered in the GetNotebookScheduledPaginatedJobs endpoint on backend.singlestore.com. The API failed to verify the requestor's permission to access the specified project, allowing an authenticated user to access scheduled job...

6.4 AI score
Exploits: 0

Tenable Nessus
added 2025/06/18 12:0 a.m., 3 views

Fedora 42 : jupyterlab / python-notebook (2025-ebcd1295c7)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-ebcd1295c7 advisory. New jupyterlab and notebook Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

5.6 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2025/06/18 12:0 a.m., 5 views

Fedora 43 : jupyterlab / python-notebook (2025-7472c8fb5c)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-7472c8fb5c advisory. New jupyterlab and notebook Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

5.6 AI score
Exploits: 0, References: 1

OpenVAS
added 2025/05/26 12:0 a.m., 5 views

Fedora: Security Advisory (FEDORA-2025-e15a193ad3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS, 7.1 AI score, 0.00468 EPSS
Exploits: 0, References: 5

OpenVAS
added 2025/05/26 12:0 a.m., 4 views

Fedora: Security Advisory (FEDORA-2024-4b5f3d51ca)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6 CVSS, 7.1 AI score, 0.00428 EPSS
Exploits: 0, References: 2

OpenVAS
added 2025/05/26 12:0 a.m., 6 views

Fedora: Security Advisory (FEDORA-2025-ebcd1295c7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 4

OpenVAS
added 2025/05/26 12:0 a.m., 6 views

Fedora: Security Advisory (FEDORA-2024-d335b971e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS, 7.1 AI score, 0.00172 EPSS
Exploits: 1, References: 6

OpenVAS
added 2025/05/26 12:0 a.m., 7 views

Fedora: Security Advisory (FEDORA-2024-6aa3b5248f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS, 9.8 AI score, 0.00172 EPSS
Exploits: 1, References: 6

RedhatCVE
added 2025/05/23 10:33 a.m., 3 views

CVE-2024-7756

A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell...

6.8 CVSS, 6.9 AI score, 0.0002 EPSS
Exploits: 0, References: 1