VIR Vulnerability Intelligence Relay

Package impact

python PyPI / jupyterhub

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-40864 medium 5.4 5.4 5d ago JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352) debianpython
CVE-2026-33709 unknown 2mo ago JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links wh… debianpython
CVE-2024-41942 unknown 2y ago JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their ow… debianpython
CVE-2024-28233 unknown 2y ago JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. … debianpython
CVE-2020-36191 unknown 4y ago JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). debianpython
CVE-2021-41247 unknown 5y ago JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the… debianpython
CVE-2019-10255 unknown 7y ago Open Redirect vulnerability in jupyterhub and notebook debianpython