JetBrains PyCharm 跨站脚本漏洞

JetBrains PyCharm is an integrated development environment IDE for Python language developed by the Czech company JetBrains. Versions of JetBrains PyCharm prior to 2025.3.4 contained a cross-site scripting vulnerability, which originated from Markdown cells in Jupyter notebooks, where a...

Astra Linux - уязвимость в nbconvert

The GitHub Security Lab identified sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML, which may lead to cross-site scripting XSS vulnerabilities if...

[SECURITY] Fedora 44 Update: python-jupytext-1.19.1-4.fc44

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

[SECURITY] Fedora 42 Update: python-jupytext-1.19.1-4.fc42

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

[SECURITY] Fedora 43 Update: python-jupytext-1.19.1-4.fc43

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

Cross-site Scripting (XSS)

Overview @jupyterlab/rendermime-interfaces is a JupyterLab - Interfaces for Mime Renderers Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...

CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

PT-2026-36305

Name of the Vulnerable Software and Affected Versions Jupyter Notebook versions prior to 7.5.6 JupyterLab versions prior to 4.5.7 Description A stored Cross-Site Scripting XSS issue allows attackers to steal authentication tokens from users who open malicious notebook files and interact with...

[SECURITY] Fedora 44 Update: LabPlot-2.12.1-17.fc44

LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...

CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

UBUNTU-CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

CVE-2026-39377

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

UBUNTU-CVE-2026-39377

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...

EUVD-2026-10394

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...

PT-2026-24116

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.10 Description A privilege escalation issue exists in the publish service of SiYuan Note. A low-privilege publish account RoleReader can modify notebook content through the /api/block/appendHeadingChildren API...

📄 WordPress Project Notebooks 1.1.4 Remote Code Execution

Proof of concept exploit for the WordPress Project Notebooks plugin version 1.1.4 remote code execution vulnerability that allows for privilege escalation through improper validation of AJAX actions and nonce exposure...

Cross-site Scripting (XSS)

Overview google-cloud-aiplatform is a Vertex AI API client library Affected versions of this package are vulnerable to Cross-site Scripting XSS via the genai/evalsvisualization component. An attacker can execute arbitrary JavaScript code in a victim's Jupyter or Colab environment by injecting...

[SECURITY] Fedora 43 Update: python-jupytext-1.19.1-1.fc43

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

[SECURITY] Fedora 42 Update: python-jupytext-1.19.1-1.fc42

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...