EUVD-2021-0140

Malware in sbrugna...

OPENSUSE-SU-2025:15502-1 jupyter-nbdime-7.0.2-23.1 on GA media

These are all security issues fixed in the jupyter-nbdime-7.0.2-23.1 package on the GA media of openSUSE Tumbleweed...

jupyter-nbdime-7.0.2-21.1 on GA media (moderate)

jupyter-nbdime-7.0.2-21.1 on GA media Announcement ID: openSUSE-SU-2025:15380-1 Rating: moderate Cross-References: CVE-2025-7783 CVSS scores: CVE-2025-7783 SUSE : 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N CVE-2025-7783 SUSE : 9.4...

OPENSUSE-SU-2025:15380-1 jupyter-nbdime-7.0.2-21.1 on GA media

These are all security issues fixed in the jupyter-nbdime-7.0.2-21.1 package on the GA media of openSUSE Tumbleweed...

jupyter-nbdime-7.0.2-20.1 on GA media (moderate)

jupyter-nbdime-7.0.2-20.1 on GA media Announcement ID: openSUSE-SU-2025:15276-1 Rating: moderate Cross-References: CVE-2025-5889 CVSS scores: CVE-2025-5889 SUSE : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-5889 SUSE : 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:...

OPENSUSE-SU-2025:15276-1 jupyter-nbdime-7.0.2-20.1 on GA media

These are all security issues fixed in the jupyter-nbdime-7.0.2-20.1 package on the GA media of openSUSE Tumbleweed...

Fedora: Security Advisory (FEDORA-2024-01e170c1ac)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 41 Update: python-nbdime-4.0.2-2.fc41

Nbdime provides tools for diffing and merging of Jupyter notebooks. - nbdiff: compare notebooks in a terminal-friendly way - nbmerge: three-way merge of notebooks with automatic conflict resolution - nbdiff-web: shows you a rich rendered diff of notebooks - nbmerge-web: gives you a web-based...

Fedora 40 : python-nbdime (2024-d32fd0e2d1)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d32fd0e2d1 advisory. This update fixes CVE-2024-55565 by updating the vendored JavaScript to include a version of nanoid without the security issue. Tenable has extracted the...

Fedora: Security Advisory (FEDORA-2024-d32fd0e2d1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 41 : python-nbdime (2024-01e170c1ac)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-01e170c1ac advisory. This update fixes CVE-2024-55565 by updating the vendored JavaScript to include a version of nanoid without the security issue. Tenable has extracted the...

OPENSUSE-SU-2024:14560-1 jupyter-nbdime-7.0.2-18.1 on GA media

These are all security issues fixed in the jupyter-nbdime-7.0.2-18.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11630-1 jupyter-nbdime-6.1.2-8.1 on GA media

These are all security issues fixed in the jupyter-nbdime-6.1.2-8.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2021-41134

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting XSS issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs...

Stored XSS in Jupyter nbdime

Impact Improper handling of user controlled input caused a stored cross-site scripting XSS vulnerability. All previous versions of nbdime are affected. Patches Security patches will be released for each of the major versions of the nbdime packages since version 1.x of the nbdime python package...

GHSA-P6RW-44Q7-3FW4 Stored XSS in Jupyter nbdime

Impact Improper handling of user controlled input caused a stored cross-site scripting XSS vulnerability. All previous versions of nbdime are affected. Patches Security patches will be released for each of the major versions of the nbdime packages since version 1.x of the nbdime python package...

@jupyterlab/git (>=0.1.0 <=0.6.0), nbdime-jupyterlab (>=0.1.0 <=0.6.1) potentially affected by CVE-2021-41134 via nbdime (>=1.0.4 <=4.0.2)

nbdime NPM version =1.0.4, =0.1.0, =0.1.0, =0.6.1 Source cves: CVE-2021-41134 Source advisory: OSV:GHSA-P6RW-44Q7-3FW4...

jupyterlab-git (>=0.30.0b1 <=0.30.0b3) potentially affected by CVE-2021-41134 via nbdime (=3.0.0)

nbdime PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nbdime and may be impacted: - jupyterlab-git =0.30.0b1, =0.30.0b3 Source cves: CVE-2021-41134 Source advisory: OSV:GHSA-P6RW-44Q7-3FW4...

Cross-site Scripting (XSS)

nbdime is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious javascript...

CVE-2021-41134

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting XSS issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs...