Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-164
  • PyPI/jupyterlab
 See record for full details 13 May
  • Fix available
  • Severity - 8.8 (High)
GHSA-mqcg-5x36-vfcg
  • PyPI/jupyterlab
  • PyPI/notebook
 JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content 06 May
  • Fix available
  • Severity - 8.6 (High)
GHSA-37w4-hwhx-4rc4
  • PyPI/jupyterlab
 JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request 05 May
  • Fix available
  • Severity - 8.8 (High)
GHSA-rch3-82jr-f9w9
  • PyPI/jupyterlab
  • PyPI/notebook
  • npm/@jupyter-notebook/help-extension
  • npm/@jupyterlab/help-extension
 Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS 30 Apr
  • Fix available
  • Severity - 8.4 (High)
GHSA-vvfj-2jqx-52jm
  • PyPI/jupyterlab
 JupyterLab LaTeX typesetter links did not enforce `noopener` attribute 26 Sep 2025
  • Fix available
  • Severity - 2.1 (Low)
GHSA-cj5w-8mjf-r5f8
  • PyPI/jupyterlab-git
 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" 04 Apr 2025
  • Fix available
  • Severity - 7.4 (High)
GHSA-9q39-rmj3-p4r2
  • PyPI/jupyterlab
  • PyPI/notebook
 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering 29 Aug 2024
  • Fix available
  • Severity - 8.8 (High)
GHSA-44cc-43rp-5947
  • PyPI/jupyterlab
  • PyPI/notebook
 JupyterLab vulnerable to potential authentication and CSRF tokens leak 19 Jan 2024
  • Fix available
  • Severity - 7.6 (High)
GHSA-4m77-cmpx-vjc4
  • PyPI/jupyterlab
  • PyPI/notebook
 JupyterLab vulnerable to SXSS in Markdown Preview 19 Jan 2024
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-p6rw-44q7-3fw4
  • PyPI/nbdime
  • npm/nbdime
  • npm/nbdime-jupyterlab
 Stored XSS in Jupyter nbdime 08 Nov 2021
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-4952-p58q-6crx
  • PyPI/jupyterlab
  • PyPI/notebook
 JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> 23 Aug 2021
  • Fix available
  • Severity - 6.3 (Medium)
PYSEC-2021-130
  • PyPI/jupyterlab
  • github.com/jupyterlab/jupyterlab
 See record for full details 09 Aug 2021
  • Fix available