| CVE-2026-35397 | high | 8.8 | 8.8 | | | | 29d ago | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d… |
| CVE-2026-40110 | high | 7.3 | 7.3 | | | | 29d ago | Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr) |
| CVE-2026-40934 | medium | 6.8 | 6.8 | | | | 29d ago | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt… |
| CVE-2025-61669 | medium | 6.1 | 6.1 | | | | 29d ago | Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._red… |
| CVE-2020-26275 | medium | — | 5.5 | | | | 6y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … |
| CVE-2024-35178 | unknown | — | — | | | | 2y ago | The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows us… |
| CVE-2023-49080 | unknown | — | — | | | | 3y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests … |
| CVE-2023-39968 | unknown | — | — | | | | 3y ago | jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in se… |
| CVE-2023-40170 | unknown | — | — | | | | 3y ago | jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untr… |
| CVE-2022-29241 | unknown | — | — | | | | 4y ago | Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with … |
| CVE-2022-24757 | unknown | — | — | | | | 4y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information … |
| CVE-2020-26232 | unknown | — | — | | | | 6y ago | Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are techn… |