Vulnerabilities > Jupyter

DATE CVE VULNERABILITY TITLE RISK
2021-08-09 CVE-2021-32798 Cross-site Scripting vulnerability in Jupyter Notebook
The Jupyter notebook is a web-based notebook environment for interactive computing.
network
jupyter CWE-79
6.8
2021-01-13 CVE-2020-36191 Cross-Site Request Forgery (CSRF) vulnerability in Jupyter Jupyterhub 1.1.0
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
network
jupyter CWE-352
3.5
2020-12-21 CVE-2020-26275 Open Redirect vulnerability in Jupyter Server
The Jupyter Server provides the backend (i.e.
network
jupyter CWE-601
5.8
2020-12-01 CVE-2020-26250 Incorrect Authorization vulnerability in Jupyter Oauthenticator 0.12.0/0.12.1
OAuthenticator is an OAuth login mechanism for JupyterHub.
network
jupyter CWE-863
3.5
2020-11-24 CVE-2020-26232 Open Redirect vulnerability in Jupyter Server
Jupyter Server before version 1.0.6 has an Open redirect vulnerability.
network
low complexity
jupyter CWE-601
5.5
2020-11-18 CVE-2020-26215 Open Redirect vulnerability in multiple products
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability.
5.8
2019-10-31 CVE-2018-21030 Incorrect Authorization vulnerability in Jupyter Notebook
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin.
network
low complexity
jupyter CWE-863
5.0
2019-04-04 CVE-2019-10856 Open Redirect vulnerability in Jupyter Notebook
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc.
network
jupyter CWE-601
5.8
2019-03-28 CVE-2019-10255 Open Redirect vulnerability in Jupyter Jupyterhub and Notebook
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login.
network
jupyter CWE-601
5.8
2019-03-12 CVE-2019-9644 Cross-site Scripting vulnerability in Jupyter Notebook
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server.
network
jupyter CWE-79
4.3