Lucene search
+L

137 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50718

Name of the Vulnerable Software and Affected Versions jupyter-server versions prior to 2.20.0 Description The nbconvert HTTP handlers render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy CSP, which is a security layer that helps...

9.3CVSS6AI score0.00227EPSS
Exploits0References15
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in nbconvert

The GitHub Security Lab identified sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML, which may lead to cross-site scripting XSS vulnerabilities if...

7.5CVSS6.2AI score0.01102EPSS
Exploits1References1
OSV
OSV
added 2026/05/09 12:30 p.m.7 views

OESA-2026-2215 python-nbconvert security update

The nbconvert tool, jupyter nbconvert, converts notebooks to various other formats via Jinja templates. The nbconvert tool allows you to convert an .ipynb notebook file into various static formats including HTML, LaTeX, PDF, Reveal JS, Markdown md, ReStructured Text rst and executable script...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 2026/05/03 9:58 a.m.16 views

OESA-2026-2196 python-nbconvert security update

The nbconvert tool, jupyter nbconvert, converts notebooks to various other formats via Jinja templates. The nbconvert tool allows you to convert an .ipynb notebook file into various static formats including HTML, LaTeX, PDF, Reveal JS, Markdown md, ReStructured Text rst and executable script...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 2026/05/03 9:58 a.m.9 views

OESA-2026-2195 python-nbconvert security update

The nbconvert tool, jupyter nbconvert, converts notebooks to various other formats via Jinja templates. The nbconvert tool allows you to convert an .ipynb notebook file into various static formats including HTML, LaTeX, PDF, Reveal JS, Markdown md, ReStructured Text rst and executable script...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/24 1:36 a.m.11 views

SUSE CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

7.8CVSS5.9AI score0.00238EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/22 8:20 p.m.7 views

CVE-2026-39378

A flaw was found in nbconvert, a tool used to convert Jupyter notebooks. A malicious notebook can exploit this vulnerability when the HTMLExporter.embedimages setting is enabled. This allows for path traversal in image references, which can lead to arbitrary file read. Consequently, sensitive fil...

6.5CVSS5.8AI score0.00306EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/04/22 1:37 a.m.9 views

SUSE CVE-2026-39377

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/22 1:37 a.m.8 views

SUSE CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 12:0 a.m.2 views

OPENSUSE-SU-2026:10603-1 jupyter-nbconvert-7.17.1-1.1 on GA media

These are all security issues fixed in the jupyter-nbconvert-7.17.1-1.1 package on the GA media of openSUSE Tumbleweed...

8.5CVSS5.8AI score0.00306EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/04/21 5:18 p.m.5 views

a-mailx (=0.1.0), aepsych (>=0.3.0 <=0.4.0) +180 more potentially affected by CVE-2026-39378 via nbconvert (>=6.5.0 <=7.17.0)

nbconvert PYPI version =6.5.0, =0.3.0, =0.9.5, =0.1.0, =1.0.1, =1.0.1, =0.0.1, =1.0.0, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.10, =0.1.20 and more Source cves: CVE-2026-39378 Source advisory: OSV:GHSA-7JQV-FW35-GMX9...

6.5CVSS5.7AI score0.00306EPSS
Exploits0
EUVD
EUVD
added 2026/04/21 5:18 p.m.7 views

EUVD-2026-24025

nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding...

6.5CVSS5.7AI score0.00306EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/21 5:18 p.m.12 views

nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding

Summary When HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. Patches Upgrade to...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/21 5:18 p.m.3 views

GHSA-7JQV-FW35-GMX9 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding

Summary When HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. Patches Upgrade to...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/21 5:18 p.m.8 views

EUVD-2026-24023

nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames...

6.5CVSS5.7AI score0.00266EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/21 5:18 p.m.11 views

nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames

Arbitrary File Write via Path Traversal in Cell Attachment Filenames Summary nbconvert allows arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The ExtractAttachmentsPreprocessor passes attachment...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/21 5:18 p.m.7 views

a-mailx (=0.1.0), aepsych (>=0.3.0 <=0.4.0) +180 more potentially affected by CVE-2026-39377 via nbconvert (>=6.5.0 <=7.17.0)

nbconvert PYPI version =6.5.0, =0.3.0, =0.9.5, =0.1.0, =1.0.1, =1.0.1, =0.0.1, =1.0.0, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.10, =0.1.20 and more Source cves: CVE-2026-39377 Source advisory: OSV:GHSA-4C99-QJ7H-P3VG...

6.5CVSS5.7AI score0.00266EPSS
Exploits0
OSV
OSV
added 2026/04/21 5:18 p.m.7 views

GHSA-4C99-QJ7H-P3VG nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames

Arbitrary File Write via Path Traversal in Cell Attachment Filenames Summary nbconvert allows arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The ExtractAttachmentsPreprocessor passes attachment...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/21 2:1 p.m.7 views

CVE-2026-39377

A flaw was found in nbconvert, a tool used to convert Jupyter notebooks. When processing notebooks containing specially crafted cell attachment filenames, a remote attacker can exploit a path traversal vulnerability. This allows the attacker to write arbitrary files to locations outside the...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/04/21 2:8 a.m.4 views

a-mailx (=0.1.0), aepsych (>=0.3.0 <=0.4.0) +180 more potentially affected by CVE-2026-39378 via nbconvert (>=6.5.0 <=7.17.0)

nbconvert PYPI version =6.5.0, =0.3.0, =0.9.5, =0.1.0, =1.0.1, =1.0.1, =0.0.1, =1.0.0, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.10, =0.1.20 and more Source cves: CVE-2026-39378 Source advisory: SNYK:PYTHON-NBCONVERT-16115385...

6.5CVSS5.7AI score0.00306EPSS
Exploits0
Rows per page
Query Builder