HIGH PyPI
GHSA-24qx-w28j-9m6p · CVE-2026-40110 Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)
Modified: 5/8/2026
package
PyPI / jupyter-server
pkg:pypi/jupyter-server
HIGH 7.1 PyPI
GHSA-5789-5fc7-67v3 · CVE-2026-35397, PYSEC-2026-68 Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories
Modified: 6/6/2026
MEDIUM 6.8 PyPI
GHSA-5mrq-x3x5-8v8f · CVE-2026-40934, PYSEC-2026-69 Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart
Modified: 6/6/2026
MEDIUM 4.6 PyPI
GHSA-64x5-55rw-9974 · CVE-2023-40170, PYSEC-2023-157 cross-site inclusion (XSSI) of files in jupyter-server
Modified: 2/4/2026
MEDIUM 6.1 PyPI
GHSA-9f66-54xg-pc2c · CVE-2020-26275, PYSEC-2020-346 Jupyter Server open redirect vulnerability
Modified: 5/19/2026
MEDIUM 4.1 PyPI
GHSA-grfj-wjv9-4f9v · CVE-2020-26232, PYSEC-2020-234 Open redirect in Jupyter Server
Modified: 3/13/2026
MEDIUM 4.3 PyPI
GHSA-h56g-gq9v-vc8r · CVE-2023-49080, PYSEC-2023-272 jupyter-server errors include tracebacks with path information
Modified: 2/4/2026
HIGH 7.5 PyPI
GHSA-hrw6-wg82-cm62 · CVE-2024-35178, PYSEC-2024-165 Jupyter server on Windows discloses Windows user password hash
Modified: 6/10/2026
HIGH 7.5 PyPI
GHSA-p737-p57g-4cpr · CVE-2022-24757, PYSEC-2022-179 Insertion of Sensitive Information into Log File in Jupyter notebook
Modified: 11/8/2023
HIGH 7.1 PyPI
GHSA-q874-g24w-4q9g · CVE-2022-29241, PYSEC-2022-211 Jupyter server Token bruteforcing
Modified: 2/4/2026
MEDIUM PyPI
GHSA-qh7q-6qm3-653w · CVE-2025-61669, PYSEC-2026-67 Jupyter Server has an open redirection vulnerability in `next` query parameter
Modified: 6/5/2026
MEDIUM 6.1 PyPI
GHSA-r726-vmfq-j9j3 · CVE-2023-39968, PYSEC-2023-155 Open Redirect Vulnerability in jupyter-server
Modified: 2/4/2026
— PyPI
PYSEC-2020-234 · CVE-2020-26232, GHSA-grfj-wjv9-4f9v Modified: 11/8/2023
MEDIUM 6.1 PyPI
PYSEC-2020-346 · CVE-2020-26275, GHSA-9f66-54xg-pc2c Modified: 5/19/2026
— PyPI
PYSEC-2020-50 · CVE-2020-26275, GHSA-9f66-54xg-pc2c Modified: 5/19/2026
— PyPI
PYSEC-2022-179 · CVE-2022-24757, GHSA-p737-p57g-4cpr Modified: 11/8/2023
— PyPI
PYSEC-2022-211 · CVE-2022-29241, GHSA-q874-g24w-4q9g Modified: 11/8/2023
MEDIUM 6.1 PyPI
PYSEC-2023-155 · CVE-2023-39968, GHSA-r726-vmfq-j9j3 Modified: 11/8/2023
MEDIUM 6.1 PyPI
PYSEC-2023-157 · CVE-2023-40170, GHSA-64x5-55rw-9974 Modified: 11/8/2023
MEDIUM 4.3 PyPI
PYSEC-2023-272 · CVE-2023-49080, GHSA-h56g-gq9v-vc8r Modified: 11/21/2024
HIGH 7.5 PyPI
PYSEC-2024-165 · CVE-2024-35178, GHSA-hrw6-wg82-cm62 Modified: 6/10/2026
MEDIUM 6.1 PyPI
PYSEC-2026-67 · CVE-2025-61669, GHSA-qh7q-6qm3-653w Modified: 5/20/2026
HIGH 8.8 PyPI
PYSEC-2026-68 · CVE-2026-35397, GHSA-5789-5fc7-67v3 Modified: 5/20/2026
MEDIUM 6.8 PyPI
PYSEC-2026-69 · CVE-2026-40934, GHSA-5mrq-x3x5-8v8f Modified: 5/20/2026