1303 matches found

RedhatCVE (added 4 days ago, 9 views)

CVE-2026-44727

A flaw was found in Jupyter Server. The nbconvert HTTP handlers in Jupyter Server render user-authored notebook HTML without a sandbox directive in their Content-Security-Policy. This, combined with nbconvert.HTMLExporter's default non-sanitizing behavior, allows a notebook containing an HTML...

CVSS 9.3 | AI score 6 | EPSS 0.00227
Exploits 0 | References 5
OSV (added 4 days ago, 6 views)

PYSEC-2026-362 Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering

Summary: The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details: The server interpolates...

CVSS 10 | AI score 6.3 | EPSS 0.00062
Exploits 0 | References 5
OSV (added 4 days ago, 4 views)

PYSEC-2026-363 Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass

Summary: Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL_UID or KERNEL_GID value. The feature...

CVSS 9.8 | AI score 6.2 | EPSS 0.00106
Exploits 0 | References 6
OSV (added 4 days ago, 6 views)

PYSEC-2026-364 Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution

Summary: The environment variables KERNEL_XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execute Python code and OS commands in the Enterprise Gateway service. The code can...

CVSS 10 | AI score 6.4 | EPSS 0.0086
Exploits 0 | References 5
OSV (added 4 days ago, 5 views)

PYSEC-2026-365 TigerVNC accessible via the network and not just via a UNIX socket as intended

Summary: jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy was still accessible via the network. This vulnerability does not affect users having...

CVSS 9 | AI score 5.8 | EPSS 0.0082
Exploits 0 | References 6
Fedora (added 6 days ago, 4 views)

[SECURITY] Fedora 43 Update: python-jupyter-server-2.19.0-2.fc43

The Jupyter Server provides the backend, i.e. the core services, APIs, and REST endpoints, for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila...

CVSS 8.8 | AI score 6.4 | EPSS 0.00583
Exploits 4
OSV (added 6 days ago, 3 views)

OPENSUSE-SU-2026:11137-1 python311-jupyter-ydoc-3.5.0-1.1 on GA media

These are all security issues fixed in the python311-jupyter-ydoc-3.5.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.00782
Exploits 1 | References 1
NVD (added 2026/06/26 10:16 a.m., 7 views)

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

CVSS 5.4 | EPSS 0.00134
Exploits 0 | References 1
Cvelist (added 2026/06/26 9:40 a.m., 36 views)

CVE-2026-6658 Cross-site Scripting (XSS) in jupyter/nbconvert

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

CVSS 5.4 | EPSS 0.00134
Exploits 0 | References 1
ATTACKERKB (added 2026/06/26 9:40 a.m., 5 views)

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions = 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized text/vnd.mermaid output in HTML exports. The data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling attacker...

CVSS 5.4 | AI score 6.3 | EPSS 0.00134
Exploits 0 | References 2
EUVD (added 2026/06/26 9:40 a.m., 6 views)

EUVD-2026-39642

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

CVSS 5.4 | AI score 6.3 | EPSS 0.00134
Exploits 0 | References 1
Debian CVE (added 2026/06/26 9:40 a.m., 5 views)

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

CVSS 5.4 | AI score 6.3 | EPSS 0.00134
Exploits 0
Tenable Nessus (added 2026/06/26 12:00 a.m., 8 views)

Fedora 43 : python-jupyter-server (2026-9536c7cb79)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9536c7cb79 advisory. New version of jupyter-server fixing various security vulnerabilities. Tenable has extracted the preceding description block directly from the Fedor...

CVSS 8.8 | AI score 6.5 | EPSS 0.00583
Exploits 4 | References 4
OSV (added 2026/06/25 12:00 a.m., 3 views)

OPENSUSE-SU-2026:11123-1 jupyter-nbclassic-1.3.3-2.1 on GA media

These are all security issues fixed in the jupyter-nbclassic-1.3.3-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.00782
Exploits 1 | References 1
NVD (added 2026/06/24 9:16 p.m., 7 views)

CVE-2026-52816

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting (XSS). The endpoint uses bluemonday.UGCPolicy with...

CVSS 6.4 | EPSS 0.00677
Exploits 0 | References 4
Cvelist (added 2026/06/24 8:26 p.m., 21 views)

CVE-2026-52816 Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting (XSS). The endpoint uses bluemonday.UGCPolicy with...

CVSS 6.4 | EPSS 0.00677
Exploits 0 | References 4
Tenable Nessus (added 2026/06/24 12:00 a.m., 8 views)

Linux Distros Unpatched Vulnerability : CVE-2026-44727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under...

CVSS 9.3 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 3
Github Security Blog (added 2026/06/23 5:33 p.m., 11 views)

Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Summary: The Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting (XSS). The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes("data"), which permits all data URI schemes...

CVSS 6.4 | AI score 6.1 | EPSS 0.00677
Exploits 0 | References 5 | Affected Software 1
Chainguard (added 2026/06/23 8:17 a.m., 6 views)

GHSA-VMHF-C436-HXJ4 vulnerabilities

Vulnerabilities for packages: tensorflow-gpu-jupyter...

AI score 5.8
Exploits 0
Chainguard (added 2026/06/23 8:17 a.m., 17 views)

CVE-2026-44727 vulnerabilities

Vulnerabilities for packages: tensorflow-gpu-jupyter, tensorflow-cpu-jupyter...

CVSS 9.3 | AI score 5.9 | EPSS 0.00227
Exploits 0