Package impact
PyPI / jupyter-server
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35397 | high | 8.8 | 8.8 | 23d ago | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d… | |||
| CVE-2026-40110 | high | 7.3 | 7.3 | 23d ago | Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr) |