Vulnerabilities > Jupyter > Notebook > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2024-43805 Cross-site Scripting vulnerability in Jupyter Jupyterlab and Notebook
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture.
network
low complexity
jupyter CWE-79
6.1
2024-01-19 CVE-2024-22420 Cross-site Scripting vulnerability in multiple products
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture.
network
low complexity
jupyter fedoraproject CWE-79
6.1
2024-01-19 CVE-2024-22421 Relative Path Traversal vulnerability in multiple products
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture.
network
low complexity
jupyter fedoraproject CWE-23
6.5
2022-06-14 CVE-2022-29238 Forced Browsing vulnerability in Jupyter Notebook
Jupyter Notebook is a web-based notebook environment for interactive computing.
network
low complexity
jupyter CWE-425
4.3
2020-11-18 CVE-2020-26215 Open Redirect vulnerability in multiple products
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability.
network
low complexity
jupyter debian CWE-601
6.1
2019-10-31 CVE-2018-21030 Incorrect Authorization vulnerability in Jupyter Notebook
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin.
network
low complexity
jupyter CWE-863
5.3
2019-04-04 CVE-2019-10856 Open Redirect vulnerability in Jupyter Notebook
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc.
network
low complexity
jupyter CWE-601
6.1
2019-03-28 CVE-2019-10255 Open Redirect vulnerability in Jupyter Jupyterhub and Notebook
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login.
network
low complexity
jupyter CWE-601
6.1
2019-03-12 CVE-2019-9644 Cross-site Scripting vulnerability in Jupyter Notebook
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server.
network
low complexity
jupyter CWE-79
5.4
2018-11-18 CVE-2018-19352 Cross-site Scripting vulnerability in Jupyter Notebook
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
network
low complexity
jupyter CWE-79
6.1