Package impact

PIP / jupyter-server

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-35397 | high | 8.8 | 8.8 | 23d ago | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d… | debian, python |
| CVE-2026-40110 | high | 7.3 | 7.3 | 23d ago | Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr) | debian, python |
| CVE-2026-40934 | medium | 6.8 | 6.8 | 23d ago | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt… | debian, python |
| CVE-2025-61669 | medium | 6.1 | 6.1 | 23d ago | Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._red… | debian, python |
| CVE-2020-26275 | medium | 5.5 | | 6y ago | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … | debian, python |