Lucene search
K

1290 matches found

Wolfi
Wolfi
added 3 days ago11 views

CVE-2026-49851 vulnerabilities

Vulnerabilities for packages: jupyter-base-notebook, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...

8.7CVSS7AI score0.0035EPSS
Exploits0
Wolfi
Wolfi
added 3 days ago12 views

GHSA-QCQ2-496W-V96P vulnerabilities

Vulnerabilities for packages: jupyter-base-notebook, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...

6.1AI score
Exploits0
OSV
OSV
added last week5 views

PYSEC-2026-1481 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References7
PyPA
PyPA
added last week8 views

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-688 JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

Impact Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook. Patches Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21. References OWASP Page on Restricting Form Submissions For more information If you have...

7.4CVSS6.3AI score0.02638EPSS
Exploits1References7
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-647 Open Redirect vulnerability in jupyterhub and notebook

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.8 and some browsers Chrome, Firefox in JupyterHub before 0.9.6 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a baseurl prefix are not affecte...

6.1CVSS6.6AI score0.01741EPSS
Exploits0References11
Fedora
Fedora
added 2026/07/01 1:22 a.m.8 views

[SECURITY] Fedora 43 Update: python-jupytext-1.19.4-1.fc43

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

7.5CVSS5.7AI score0.00782EPSS
Exploits2
Fedora
Fedora
added 2026/07/01 1:2 a.m.8 views

[SECURITY] Fedora 44 Update: python-jupytext-1.19.4-1.fc44

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

7.5CVSS5.7AI score0.00782EPSS
Exploits2
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52816

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...

6.4CVSS0.00677EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 9:16 p.m.5 views

CVE-2026-52798

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS0.00429EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 8:26 p.m.28 views

CVE-2026-52816 Gogs: Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...

6.4CVSS0.00677EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 8:26 p.m.18 views

CVE-2026-52816

Gogs exposes an unauthenticated REST endpoint POST /-/api/sanitize_ipynb that uses bluemonday.UGCPolicy with AllowURLSchemes("data"), allowing all data: URIs (including data:text/html). This enables a registered user to craft payloads that survive sanitization and execute XSS when rendered in oth...

6.4CVSS6AI score0.00677EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:14 p.m.4 views

CVE-2026-52798

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS6AI score0.00429EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/24 8:14 p.m.17 views

CVE-2026-52798

Gogs (self-hosted Git service) is affected by CVE-2026-52798: prior to 0.14.3, .ipynb previews are sanitized server-side, but the client-side re-rendering with marked() on .nb-markdown-cell can regenerate javascript: links, enabling Stored XSS when a victim clicks a crafted link in an attacker-su...

8.9CVSS6AI score0.00429EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:35 p.m.20 views

CVE-2026-48704

Warp Markdown notebooks can trigger opening of executable local files via local-file links in Markdown documents. From Warp versions 0.2023.10.24.08.03.stable_00 through 0.2026.05.06.15.42.stable_01, clicking a local-file link in a rendered Markdown may route the target to a platform file opener ...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 5:33 p.m.13 views

Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...

6.4CVSS6.1AI score0.00677EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/23 5:33 p.m.6 views

GHSA-3W28-36P9-W929 Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...

6.4CVSS6.1AI score0.00677EPSS
Exploits0References5
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.21 views

GHSA-6V7P-G79W-8964 vulnerabilities

Vulnerabilities for packages: openstack-placement-2025.2-fips, dbt-bigquery, openstack-horizon-2025.2-fips, openstack-tempest-2026.1, request-1276, openstack-glance-2025.1-fips, azure-functions-host, mitmproxy, openstack-placement-2025.1-fips, pypy-3.11, openstack-placement-2026.1,...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51634

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The Jupyter Notebook ipynb sanitizer endpoint at 'POST /-/api/sanitize ipynb' allows arbitrary data: URIs without proper restrictions, which can lead to Cross-Site Scripting XSS. The endpoint utilizes...

6.4CVSS6AI score0.00677EPSS
Exploits0References8
OSV
OSV
added 2026/06/22 11:58 p.m.4 views

GHSA-JQ8V-RMF6-65JW Gogs has Stored XSS in `.ipynb` Preview

Summary Although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this process, links containing schemes such as javascript: can ...

8.9CVSS5.8AI score0.00429EPSS
Exploits0References5
Rows per page
Query Builder