4 matches found
CVE-2026-52798
Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...
CVE-2026-48704
Warp Markdown notebooks can trigger opening of executable local files via local-file links in Markdown documents. From Warp versions 0.2023.10.24.08.03.stable_00 through 0.2026.05.06.15.42.stable_01, clicking a local-file link in a rendered Markdown may route the target to a platform file opener ...
CVE-2026-48704 Warp Markdown notebook links may open executable local files
Warp is an agentic development environment. From 0.2023.10.24.08.03.stable00 until 0.2026.05.06.15.42.stable01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...
Cross-site Scripting (XSS)
Overview @jupyterlab/rendermime is a JupyterLab - RenderMime Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands, including co...