Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jupyter notebook vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2020-26215
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasona...
Jupyter Notebook
Debian Debian Linux 9.0
9.3
CVSSv2
CVE-2020-16977
<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged...
Microsoft Visual Studio Code -
1 Github repository
5
CVSSv2
CVE-2018-21030
Jupyter Notebook prior to 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
Jupyter Notebook
5.8
CVSSv2
CVE-2019-10856
In Jupyter Notebook prior to 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.
Jupyter Notebook
5.8
CVSSv2
CVE-2019-10255
An Open Redirect vulnerability for all browsers in Jupyter Notebook prior to 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub prior to 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_ur...
Jupyter Jupyterhub
Jupyter Notebook
4.3
CVSSv2
CVE-2019-9644
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook prior to 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer thro...
Jupyter Notebook
4.3
CVSSv2
CVE-2018-19351
Jupyter Notebook prior to 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers...
Jupyter Notebook
4.3
CVSSv2
CVE-2018-19352
Jupyter Notebook prior to 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
Jupyter Notebook
6.8
CVSSv2
CVE-2018-8768
In Jupyter Notebook prior to 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
Jupyter Notebook
6.8
CVSSv2
CVE-2015-7337
The editor in IPython Notebook prior to 3.2.2 and Jupyter Notebook 4.0.x prior to 4.0.5 allows remote malicious users to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.
Ipython Notebook
Jupyter Notebook 4.0.4
Jupyter Notebook 4.0.3
Jupyter Notebook 4.0.2
Jupyter Notebook 4.0.1
Jupyter Notebook 4.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »