Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-2681
  • PyPI/notebook
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content 6 days ago
  • Fix available
  • Severity - 8.6 (High)
PYSEC-2026-2537
  • PyPI/jupyterlab
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content 6 days ago
  • Fix available
  • Severity - 8.6 (High)
PYSEC-2026-2538
  • PyPI/jupyterlab
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS 6 days ago
  • Fix available
  • Severity - 8.4 (High)
PYSEC-2026-2682
  • PyPI/notebook
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS 6 days ago
  • Fix available
  • Severity - 8.4 (High)
PYSEC-2026-2536
  • PyPI/jupyterlab
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering 6 days ago
  • Fix available
  • Severity - 8.8 (High)
PYSEC-2026-2534
  • PyPI/jupyterlab
JupyterLab vulnerable to potential authentication and CSRF tokens leak 6 days ago
  • Fix available
  • Severity - 7.6 (High)
PYSEC-2026-2535
  • PyPI/jupyterlab
JupyterLab vulnerable to SXSS in Markdown Preview 6 days ago
  • Fix available
  • Severity - 6.5 (Medium)
PYSEC-2026-2531
  • PyPI/jupyter-notebook
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook 09 Jul
  • Fix available
  • Severity - 5.1 (Medium)
PYSEC-2026-2683
  • PyPI/notebook
Open Redirect vulnerability in jupyterhub and notebook 09 Jul
  • Fix available
  • Severity - 6.1 (Medium)
PYSEC-2026-1481
  • PyPI/notebook
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering 07 Jul
  • Fix available
  • Severity - 8.8 (High)
PYSEC-2026-1706
  • PyPI/notebook
JupyterLab vulnerable to potential authentication and CSRF tokens leak 07 Jul
  • Fix available
  • Severity - 7.6 (High)
PYSEC-2026-1707
  • PyPI/notebook
JupyterLab vulnerable to SXSS in Markdown Preview 07 Jul
  • Fix available
  • Severity - 6.5 (Medium)
PYSEC-2026-688
  • PyPI/notebook
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> 02 Jul
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-mqcg-5x36-vfcg
  • PyPI/jupyterlab
  • PyPI/notebook
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content 06 May
  • Fix available
  • Severity - 8.6 (High)
GHSA-rch3-82jr-f9w9
  • PyPI/jupyterlab
  • PyPI/notebook
  • npm/@jupyter-notebook/help-extension
  • npm/@jupyterlab/help-extension
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS 30 Apr
  • Fix available
  • Severity - 8.4 (High)
GHSA-9q39-rmj3-p4r2
  • PyPI/jupyterlab
  • PyPI/notebook
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering 29 Aug 2024
  • Fix available
  • Severity - 8.8 (High)