Vulnerabilities > Jupyter
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-13 | CVE-2020-36191 | Cross-Site Request Forgery (CSRF) vulnerability in Jupyter Jupyterhub 1.1.0 JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). | 3.5 |
| 2020-12-21 | CVE-2020-26275 | Open Redirect vulnerability in Jupyter Server The Jupyter Server provides the backend (i.e. | 5.8 |
| 2020-12-01 | CVE-2020-26250 | Incorrect Authorization vulnerability in Jupyter Oauthenticator 0.12.0/0.12.1 OAuthenticator is an OAuth login mechanism for JupyterHub. | 3.5 |
| 2020-11-24 | CVE-2020-26232 | Open Redirect vulnerability in Jupyter Server Jupyter Server before version 1.0.6 has an Open redirect vulnerability. | 5.5 |
| 2020-11-18 | CVE-2020-26215 | Open Redirect vulnerability in multiple products Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. | 5.8 |
| 2019-10-31 | CVE-2018-21030 | Incorrect Authorization vulnerability in Jupyter Notebook Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. | 5.0 |
| 2019-04-04 | CVE-2019-10856 | Open Redirect vulnerability in Jupyter Notebook In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. | 5.8 |
| 2019-03-28 | CVE-2019-10255 | Open Redirect vulnerability in Jupyter Jupyterhub and Notebook An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. | 6.1 |
| 2019-03-12 | CVE-2019-9644 | Cross-site Scripting vulnerability in Jupyter Notebook An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. | 5.4 |
| 2018-11-18 | CVE-2018-19352 | Cross-site Scripting vulnerability in Jupyter Notebook Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | 4.3 |