Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/05/13 3:8 p.m.72 views

CVE-2026-42266 JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS0.0053EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.9 views

CVE-2024-39700

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

9.9CVSS7AI score0.01024EPSS
Exploits3References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-9739

Malicious code in bioql PyPI...

7.4CVSS7.3AI score0.00557EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-38192

Malicious code in bioql PyPI...

9.9CVSS6.4AI score0.01024EPSS
Exploits3References2
NVD
NVD
added 2025/04/03 10:15 p.m.7 views

CVE-2025-30370

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

7.4CVSS0.00557EPSS
Exploits0References4
OSV
OSV
added 2025/04/03 10:0 p.m.10 views

CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

7.4CVSS7.4AI score0.00557EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/03 10:0 p.m.9 views

CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

7.4CVSS7.3AI score0.00557EPSS
Exploits0References4
OSV
OSV
added 2025/03/04 9:31 a.m.3 views

MAL-2025-2086 Malicious code in amazon-codewhisperer-jupyterlab-ext (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a4e17673b58fae37b25deaea3bf55c6fdb9a69285dde321917e6e775d7cdf57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
NVD
NVD
added 2024/07/16 6:15 p.m.46 views

CVE-2024-39700

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

9.9CVSS0.01024EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2024/07/16 5:37 p.m.19 views

CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

9.9CVSS7AI score0.01024EPSS
Exploits3References2
CVE
CVE
added 2024/07/16 5:37 p.m.99 views

CVE-2024-39700

CVE-2024-39700 describes a remote code execution in the JupyterLab extension template copier, specifically in the update-integration-tests.yml workflow of the JupyterLab extension template used to bootstrap projects. The RCE is linked to repositories created with the template’s test option. Affec...

9.9CVSS9.7AI score0.01024EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder