VIR Vulnerability Intelligence Relay

Package impact

python PyPI / notebook

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42557 high 8.0 15d ago JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content debianpython
CVE-2026-40171 high 8.0 22d ago Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS debiannpmpython
CVE-2021-32798 high 8.0 5y ago The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Goo… archdebianpython
CVE-2021-32797 high 8.0 5y ago JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterL… archdebianpython
CVE-2015-7337 medium 6.8 11y ago The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files… debianpython
CVE-2018-19352 medium 5.5 8y ago Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. archdebianpython
CVE-2018-19351 medium 5.5 8y ago Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can e… archdebianpython
CVE-2015-6938 medium 4.3 4y ago Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbi… debiansusefedorapython