428 matches found
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...
CVE-2026-52816
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...
CVE-2026-52816 Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...
Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...
GHSA-6V7P-G79W-8964 vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, ansible-operator, kubeflow-katib, localstack, openstack-keystone-2025.2, airflow, datadog-agent, openstack-placement-2025.1, jupyter-all-spark-notebook, openstack-tempest-2025.2, superset-fips, openstack-horizon-2025.1, authentik,...
PT-2026-51634
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The Jupyter Notebook ipynb sanitizer endpoint at 'POST /-/api/sanitize ipynb' allows arbitrary data: URIs without proper restrictions, which can lead to Cross-Site Scripting XSS. The endpoint utilizes...
GHSA-6VXV-WG6J-5QWP Gogs: XSS in .ipynb files renderer due to outdated notebookjs
Summary Gogs renders Jupyter notebook files .ipynb using jsvine/notebookjs, but the version is outdated, missing patches for known XSS vulnerabilities. Details Gogs uses version 0.4.2 of notebookjs to render Jupyter notebook files:...
CVE-2026-49384
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
CVE-2026-40171
A flaw was found in Jupyter Notebook and JupyterLab. A stored cross-site scripting XSS vulnerability in the help command linker can be exploited by an attacker who crafts a malicious notebook file. When a user interacts with this file, the XSS is triggered, allowing the attacker to steal...
JetBrains PyCharm < 2025.3.4 Stored XSS
According to its self-reported version, the JetBrains PyCharm installation on the remote host is prior to 2025.3.4. It is, therefore, affected by a stored cross-site scripting XSS vulnerability in Jupyter notebook Markdown cells. In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook...
CVE-2026-49384
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
CVE-2026-49384
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
CVE-2026-49384
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
EUVD-2026-33392
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...
CVE-2026-49384
JetBrains PyCharm before 2025.3.4 is affected by a stored XSS vulnerability in Jupyter notebook Markdown cells. The CVE notes untrusted content in Markdown cells can be rendered, enabling potential script execution. Supported data: CVSS 3.1 base score 6.1 (Network attack vector, required user int...
PT-2026-44964
Name of the Vulnerable Software and Affected Versions JetBrains PyCharm versions prior to 2025.3.4 Description Stored Cross-Site Scripting XSS is possible within Jupyter notebook Markdown cells. Cross-Site Scripting is a type of security flaw where malicious scripts are injected into trusted...
Astra Linux – Vulnerability in jupyter-notebook
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, untrusted notebooks may execute code upon loading. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be exploited to trigger XSS...
BIT-JUPYTERLAB-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
BIT-JUPYTER-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
BIT-JUPYTER-BASE-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...