Lucene search
K

428 matches found

PyPA
PyPA
added 4 days ago7 views

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52816

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...

6.4CVSS0.00677EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 8:26 p.m.28 views

CVE-2026-52816 Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...

6.4CVSS0.00677EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/23 5:33 p.m.12 views

Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...

6.4CVSS6.1AI score0.00677EPSS
Exploits0References5Affected Software1
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.17 views

GHSA-6V7P-G79W-8964 vulnerabilities

Vulnerabilities for packages: openstack-keystone-2026.1-fips, ansible-operator, kubeflow-katib, localstack, openstack-keystone-2025.2, airflow, datadog-agent, openstack-placement-2025.1, jupyter-all-spark-notebook, openstack-tempest-2025.2, superset-fips, openstack-horizon-2025.1, authentik,...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51634

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The Jupyter Notebook ipynb sanitizer endpoint at 'POST /-/api/sanitize ipynb' allows arbitrary data: URIs without proper restrictions, which can lead to Cross-Site Scripting XSS. The endpoint utilizes...

6.4CVSS6AI score0.00677EPSS
Exploits0References8
OSV
OSV
added 2026/06/19 9:42 p.m.11 views

GHSA-6VXV-WG6J-5QWP Gogs: XSS in .ipynb files renderer due to outdated notebookjs

Summary Gogs renders Jupyter notebook files .ipynb using jsvine/notebookjs, but the version is outdated, missing patches for known XSS vulnerabilities. Details Gogs uses version 0.4.2 of notebookjs to render Jupyter notebook files:...

8.5CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-49384

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...

6.1CVSS5.4AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40171

A flaw was found in Jupyter Notebook and JupyterLab. A stored cross-site scripting XSS vulnerability in the help command linker can be exploited by an attacker who crafts a malicious notebook file. When a user interacts with this file, the XSS is triggered, allowing the attacker to steal...

8.8CVSS6.4AI score0.00476EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.32 views

JetBrains PyCharm < 2025.3.4 Stored XSS

According to its self-reported version, the JetBrains PyCharm installation on the remote host is prior to 2025.3.4. It is, therefore, affected by a stored cross-site scripting XSS vulnerability in Jupyter notebook Markdown cells. In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook...

6.1CVSS5.3AI score0.00181EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:15 p.m.22 views

CVE-2026-49384

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 6:15 p.m.35 views

CVE-2026-49384

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...

6.1CVSS0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 6:15 p.m.14 views

CVE-2026-49384

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 6:15 p.m.12 views

EUVD-2026-33392

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 6:15 p.m.39 views

CVE-2026-49384

JetBrains PyCharm before 2025.3.4 is affected by a stored XSS vulnerability in Jupyter notebook Markdown cells. The CVE notes untrusted content in Markdown cells can be rendered, enabling potential script execution. Supported data: CVSS 3.1 base score 6.1 (Network attack vector, required user int...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.22 views

PT-2026-44964

Name of the Vulnerable Software and Affected Versions JetBrains PyCharm versions prior to 2025.3.4 Description Stored Cross-Site Scripting XSS is possible within Jupyter notebook Markdown cells. Cross-Site Scripting is a type of security flaw where malicious scripts are injected into trusted...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in jupyter-notebook

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, untrusted notebooks may execute code upon loading. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be exploited to trigger XSS...

10CVSS8.8AI score0.02106EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 5:42 a.m.12 views

BIT-JUPYTERLAB-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS6AI score0.00476EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 5:41 a.m.7 views

BIT-JUPYTER-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS6AI score0.00476EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 5:41 a.m.5 views

BIT-JUPYTER-BASE-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS6AI score0.00476EPSS
Exploits0References2
Rows per page
Query Builder