OESA-2026-2196 python-nbconvert security update

The nbconvert tool, jupyter nbconvert, converts notebooks to various other formats via Jinja templates. The nbconvert tool allows you to convert an .ipynb notebook file into various static formats including HTML, LaTeX, PDF, Reveal JS, Markdown md, ReStructured Text rst and executable script...

EUVD-2026-24023

nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames...

a-mailx (=0.1.0), aepsych (>=0.3.0 <=0.4.0) +183 more potentially affected by CVE-2026-39377 via nbconvert (>=6.5.0 <=7.17.0)

nbconvert PYPI version =6.5.0, =0.3.0, =0.9.5, =0.1.0, =1.0.1, =1.0.1, =0.0.1, =1.0.0, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.10, =0.1.20 and more Source cves: CVE-2026-39377 Source advisory: OSV:GHSA-4C99-QJ7H-P3VG...

a-mailx (=0.1.0), almax-common (>=0.9.5 <=1.0.2.dev20240601170722) +70 more potentially affected by CVE-2026-39377 via nbconvert (>=7.0.0 <=7.17.0)

nbconvert PYPI version =7.0.0, =0.9.5, =1.0.1, =1.0.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.10, =0.0.15, =0.1.3, =3.0.0, =0.0.1, =0.0.2 - fashiontrendforecasting =0.1.0 and more Source cves: CVE-2026-39377 Source advisory: SNYK:PYTHON-NBCONVERT-16115368...

CVE-2026-39378 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

Linux Distros Unpatched Vulnerability : CVE-2026-39377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file...

PT-2026-33878

Name of the Vulnerable Software and Affected Versions nbconvert versions 6.5 through 7.17.0 Description The nbconvert tool converts Jupyter notebooks to various formats using Jinja templates. A path traversal issue exists where the ExtractAttachmentsPreprocessor function passes attachment filenam...

Linux Distros Unpatched Vulnerability : CVE-2026-39378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when...

CVE-2025-53000

A flaw was found in nbconvert, specifically in the jupyter nbconvert tool on Windows. A third party can exploit this vulnerability by creating a malicious inkscape.bat file in a directory. When a user then converts a Jupyter notebook containing SVG output to a PDF from this directory, the malicio...

Linux Distros Unpatched Vulnerability : CVE-2025-53000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6...

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...

a-mailx (=0.1.0), almax-common (>=0.9.5 <=1.0.2.dev20240601170722) +68 more potentially affected by CVE-2025-53000 via nbconvert (>=7.0.0 <=7.16.6)

nbconvert PYPI version =7.0.0, =0.9.5, =1.0.1, =1.0.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.10, =0.0.15, =0.1.3, =3.0.0, =0.0.1, =0.0.2 - fashiontrendforecasting =0.1.0 and more Source cves: CVE-2025-53000 Source advisory: SNYK:PYTHON-NBCONVERT-14463457...

CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

CVE-2025-53000 nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

EUVD-2022-0161

Malicious code in bioql PyPI...

Fedora 38 : python-nbclient / python-nbconvert (2022-b910e3473f)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-b910e3473f advisory. New versions of nbclient and nbconvert. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

abracadabra (>=0.0.0 <=0.0.7), ai-economist (>=1.0.0 <=1.7.1) +161 more potentially affected by CVE-2021-32862 via nbconvert (>=4.2.0 <=6.3.0)

nbconvert PYPI version =4.2.0, =0.0.0, =1.0.0, =1.3.4, =1.0.0, =1.0.1, =1.13.0.post1, =1.0.0, =0.1.0.dev2021118, =0.0.0, =0.3.4, =0.1.0rc1, =0.0.1, =0.2.1 - combnetdep =1.0.0 and more Source cves: CVE-2021-32862 Source advisory: OSV:PYSEC-2022-249...