Lucene search
K

335 matches found

OSV
OSV
added 5 days ago3 views

OPENSUSE-SU-2026:11138-1 jupyter-jupyterlab-templates-0.5.3-2.1 on GA media

These are all security issues fixed in the jupyter-jupyterlab-templates-0.5.3-2.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00782EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/19 7:36 p.m.4 views

Improper Handling of Case Sensitivity

Overview jupyterlab-git is an A JupyterLab extension for version control using git Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the prepare function due to improper enforcement of excluded directory paths on case-insensitive filesystems. An attacker...

7.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:36 p.m.7 views

Cross-site Scripting (XSS)

Overview @jupyterlab/git is an A JupyterLab extension for version control using git Affected versions of this package are vulnerable to Cross-site Scripting XSS in the createHeader method. An attacker can execute arbitrary JavaScript in another user's browser session by crafting a malicious...

8.4CVSS6AI score
Exploits1References2
OSV
OSV
added 2026/06/19 3:11 p.m.8 views

GHSA-VMHF-C436-HXJ4 JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol

A malicious PyPI package can place a javascript: URL in its project.urls metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origi...

5.1CVSS5.9AI score
Exploits0References5
Circl
Circl
added 2026/06/18 7:12 a.m.8 views

CVE-2026-54528

creationtimestamp| type| source ---|---|--- 2026-06-18 07:12:50+00:00| published-proof-of-concept| https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-436q-jwfr-rm2h...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42557

A flaw was found in jupyterlab. This vulnerability allows a remote attacker to achieve arbitrary code execution by presenting a user with a specially crafted notebook containing a deceptive button in its pre-saved HTML cell output. When the user clicks this button, the CommandLinker component...

9.6CVSS6.1AI score0.00386EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42266

A flaw was found in JupyterLab, an extensible environment for interactive computing. The PyPI Extension Manager, responsible for installing extensions, failed to properly enforce its allow-list of approved extensions. This vulnerability allowed for the installation of unauthorized extensions from...

8.8CVSS6.4AI score0.0053EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References3
OSV
OSV
added 2026/05/15 8:42 a.m.4 views

BIT-JUPYTERLAB-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS6.4AI score0.00386EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:42 a.m.5 views

BIT-JUPYTER-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS6.4AI score0.00386EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 8:41 a.m.6 views

BIT-JUPYTER-BASE-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS6.3AI score0.00386EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.8 views

SUSE CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.8 views

SUSE CVE-2026-42557

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS6.3AI score0.00386EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTM...

9.6CVSS6.4AI score0.00386EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 4:16 p.m.3 views

DEBIAN-CVE-2026-42557

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS6.3AI score0.00386EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.7 views

CVE-2026-42557

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS0.00386EPSS
Exploits0References4
PyPA
PyPA
added 2026/05/13 4:16 p.m.12 views

PYSEC-2026-164

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/13 4:16 p.m.6 views

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +262 more potentially affected by CVE-2026-42266 via jupyterlab (>=4.0.0 <=4.5.6)

jupyterlab PYPI version =4.0.0, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =4.33.0, =0.6.4, =0.8.0, =1.0.1, =0.1.0, =0.5.0 and more Source cves: CVE-2026-42266 Source advisory: OSV:PYSEC-2026-164...

8.8CVSS5.7AI score0.0053EPSS
Exploits0
OSV
OSV
added 2026/05/13 4:16 p.m.9 views

PYSEC-2026-164

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References4
OSV
OSV
added 2026/05/13 4:16 p.m.5 views

DEBIAN-CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References1
Rows per page
Query Builder