72 matches found
Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed
Summary The /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is not enforced on the API endpoint — the configuration says "disabled" but code still executes. Details The...
GHSA-RCH3-82JR-F9W9 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, jupyter-base-notebook...
UBUNTU-CVE-2026-39377
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...
GHSA-GFMX-QQQH-F38Q vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter...
CVE-2026-0897 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, kubeflow-pipelines-visualization-server, tensorflow-gpu-jupyter...
CVE-2025-9905 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter...
GHSA-C9RC-MG46-23W3 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...
GHSA-HGF8-39GV-G3F2 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, mlflow, superset...
CVE-2025-12058 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter, kubeflow-pipelines-visualization-server, tensorflow-gpu-jupyter...
[SECURITY] Fedora 40 Update: python-notebook-7.2.2-1.fc40
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
NTLM Credential Theft Risk in Python Apps Threaten Windows Security
New research reveals critical vulnerabilities in Python applications for Windows including Snowflake, Gradio, Jupyter, and Streamlit that could…...
CVE-2024-39903
Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI...
CVE-2024-39903 Local File Inclusion in Solara
Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI...
MAL-2024-5287 Malicious code in jupyter-pytest-fi-console (PyPI)
--- -= Per source details. Do not edit below this line.=-...
VSCode ipynb Remote Code Execution Exploit
VSCode when opening a Jupyter notebook .ipynb file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...
Vger - An Interactive CLI Application For Interacting With Authenticated Jupyter Instances
V'ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories As a Red Teamer , you've found Jupyter credentials, but don't know what you can do with them. V'ger is organized in a format that shoul...
[SECURITY] Fedora 39 Update: python-notebook-7.0.7-1.fc39
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
jupyter-server errors include tracebacks with path information
Impact Unhandled errors in API requests include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has...
Security Update for Microsoft Visual Studio Code (November 2023)
A Jupyter extension spoofing vulnerability exists in Visual Studio Code when the installed Jupyter extension is prior to 2023.10.1100000000. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 Tenable,...
New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics
An updated version of an information stealer malware known as Jupyter has resurfaced with "simple yet impactful changes" that aim to stealthily establish a persistent foothold on compromised systems. "The team has discovered new waves of Jupyter Infostealer attacks which leverage PowerShell comma...