| CVE-2026-35397 |
high |
8.8 |
8.8 |
|
|
|
23d ago |
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d… |
| CVE-2026-40110 |
high |
7.3 |
7.3 |
|
|
|
23d ago |
Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr) |
| CVE-2026-40934 |
medium |
6.8 |
6.8 |
|
|
|
23d ago |
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt… |
| CVE-2025-61669 |
medium |
6.1 |
6.1 |
|
|
|
23d ago |
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._red… |
| CVE-2020-26275 |
medium |
— |
5.5 |
|
|
|
6y ago |
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version … |