Vulnerabilities > Jupyter > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-41134 Cross-site Scripting vulnerability in Jupyter Nbdime and Nbdime-Jupyterlab
nbdime provides tools for diffing and merging of Jupyter Notebooks.
network
low complexity
jupyter CWE-79
5.4
5.4
2021-01-13 CVE-2020-36191 Cross-Site Request Forgery (CSRF) vulnerability in Jupyter Jupyterhub 1.1.0
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
network
low complexity
jupyter CWE-352
4.5
4.5
2020-12-21 CVE-2020-26275 Open Redirect vulnerability in Jupyter Server
The Jupyter Server provides the backend (i.e.
network
low complexity
jupyter CWE-601
6.1
6.1
2020-12-01 CVE-2020-26250 Incorrect Authorization vulnerability in Jupyter Oauthenticator 0.12.0/0.12.1
OAuthenticator is an OAuth login mechanism for JupyterHub.
network
high complexity
jupyter CWE-863
6.3
6.3
2020-11-24 CVE-2020-26232 Open Redirect vulnerability in Jupyter Server
Jupyter Server before version 1.0.6 has an Open redirect vulnerability.
network
low complexity
jupyter CWE-601
5.4
5.4
2020-11-18 CVE-2020-26215 Open Redirect vulnerability in multiple products
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability.
network
low complexity
jupyter debian CWE-601
6.1
6.1
2019-10-31 CVE-2018-21030 Incorrect Authorization vulnerability in Jupyter Notebook
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin.
network
low complexity
jupyter CWE-863
5.3
5.3
2019-04-04 CVE-2019-10856 Open Redirect vulnerability in Jupyter Notebook
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc.
network
low complexity
jupyter CWE-601
6.1
6.1
2019-03-28 CVE-2019-10255 Open Redirect vulnerability in Jupyter Jupyterhub and Notebook
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login.
network
low complexity
jupyter CWE-601
6.1
6.1
2019-03-12 CVE-2019-9644 Cross-site Scripting vulnerability in Jupyter Notebook
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server.
network
low complexity
jupyter CWE-79
5.4
5.4