Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jupyter notebook vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-7337
The editor in IPython Notebook prior to 3.2.2 and Jupyter Notebook 4.0.x prior to 4.0.5 allows remote malicious users to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.
Ipython Notebook
Jupyter Notebook 4.0.4
Jupyter Notebook 4.0.3
Jupyter Notebook 4.0.2
Jupyter Notebook 4.0.1
Jupyter Notebook 4.0.0
9.6
CVSSv3
CVE-2021-32798
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an ...
Jupyter Notebook
Jupyter Notebook 6.4.0
NA
CVE-2015-6938
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook prior to 3.2.2 and Jupyter Notebook 4.0.x prior to 4.0.5 allows remote malicious users to inject arbitrary web script or HTML via a folder name. NOTE: this was originally r...
Jupyter Notebook 4.0.4
Jupyter Notebook 4.0.3
Jupyter Notebook 4.0.2
Jupyter Notebook 4.0.1
Jupyter Notebook 4.0.0
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Ipython Notebook
6.1
CVSSv3
CVE-2019-10255
An Open Redirect vulnerability for all browsers in Jupyter Notebook prior to 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub prior to 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_ur...
Jupyter Jupyterhub
Jupyter Notebook
5.4
CVSSv3
CVE-2019-9644
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook prior to 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer thro...
Jupyter Notebook
7.5
CVSSv3
CVE-2022-24758
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter ser...
Jupyter Notebook
6.1
CVSSv3
CVE-2018-19351
Jupyter Notebook prior to 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers...
Jupyter Notebook
6.1
CVSSv3
CVE-2018-19352
Jupyter Notebook prior to 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
Jupyter Notebook
4.3
CVSSv3
CVE-2022-29238
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual h...
Jupyter Notebook
7.8
CVSSv3
CVE-2018-8768
In Jupyter Notebook prior to 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
Jupyter Notebook
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »