Vulnerabilities > Jupyter > Notebook > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-28 | CVE-2024-43805 | Cross-site Scripting vulnerability in Jupyter Jupyterlab and Notebook jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. | 6.1 |
| 2024-01-19 | CVE-2024-22420 | Cross-site Scripting vulnerability in multiple products JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. | 6.1 |
| 2024-01-19 | CVE-2024-22421 | Relative Path Traversal vulnerability in multiple products JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. | 6.5 |
| 2022-06-14 | CVE-2022-29238 | Forced Browsing vulnerability in Jupyter Notebook Jupyter Notebook is a web-based notebook environment for interactive computing. | 4.3 |
| 2020-11-18 | CVE-2020-26215 | Open Redirect vulnerability in multiple products Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. | 6.1 |
| 2019-10-31 | CVE-2018-21030 | Incorrect Authorization vulnerability in Jupyter Notebook Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. | 5.3 |
| 2019-04-04 | CVE-2019-10856 | Open Redirect vulnerability in Jupyter Notebook In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. | 6.1 |
| 2019-03-28 | CVE-2019-10255 | Open Redirect vulnerability in Jupyter Jupyterhub and Notebook An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. | 6.1 |
| 2019-03-12 | CVE-2019-9644 | Cross-site Scripting vulnerability in Jupyter Notebook An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. | 5.4 |
| 2018-11-18 | CVE-2018-19352 | Cross-site Scripting vulnerability in Jupyter Notebook Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | 6.1 |