Known Vulnerabilities for products from Jupyter
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Jupyter".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24758 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-31 | 2022-04-08 |
| CVE-2022-24757 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-23 | 2022-04-04 |
| CVE-2022-21697 | Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to ... | 7.1 - HIGH | 2022-01-25 | 2022-02-01 |
| CVE-2021-41247 | JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab... | 7.5 - HIGH | 2021-11-04 | 2021-11-10 |
| CVE-2021-41134 | nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) ... | 5.4 - MEDIUM | 2021-11-03 | 2021-11-05 |
| CVE-2021-39159 | BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from... | 9.8 - CRITICAL | 2021-08-25 | 2022-10-25 |
| CVE-2021-32862 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-08-18 | 2024-01-25 |
| CVE-2021-32798 | The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook c... | 9.6 - CRITICAL | 2021-08-09 | 2021-08-17 |
| CVE-2021-32797 | JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected ve... | 9.6 - CRITICAL | 2021-08-09 | 2022-04-07 |
| CVE-2020-36191 | JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user r... | 4.5 - MEDIUM | 2021-01-13 | 2021-01-19 |
| CVE-2020-26275 | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like ... | 6.1 - MEDIUM | 2020-12-21 | 2022-08-06 |
| CVE-2020-26250 | OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the depre... | 6.3 - MEDIUM | 2020-12-01 | 2020-12-08 |
| CVE-2020-26232 | Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could ... | 5.4 - MEDIUM | 2020-11-24 | 2020-12-02 |
| CVE-2020-26215 | Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server cou... | 6.1 - MEDIUM | 2020-11-18 | 2020-12-03 |
| CVE-2019-10856 | In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete ... | 6.1 - MEDIUM | 2019-04-04 | 2019-04-05 |
| CVE-2019-10255 | An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in Jupyt... | 6.1 - MEDIUM | 2019-03-28 | 2023-11-07 |
| CVE-2019-9644 | An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious page... | 5.4 - MEDIUM | 2019-03-12 | 2023-11-07 |
| CVE-2018-21030 | Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for ex... | 5.3 - MEDIUM | 2019-10-31 | 2020-11-19 |
| CVE-2018-19352 | Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles... | 6.1 - MEDIUM | 2018-11-18 | 2018-12-17 |
| CVE-2018-19351 | Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the sam... | 6.1 - MEDIUM | 2018-11-18 | 2023-11-07 |
Known software with vulnerabilities from Jupyter
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Jupyter | Jupyter Server | 0.0.1 |
| Application | Jupyter | Jupyterhub | 0.1.0 |
| Application | Jupyter | Notebook | 4.0.0 |
| Application | Jupyter | Oauthenticator | 0.1.0 |