MEDIUM 6.1 PyPI
GHSA-3p4q-x8f3-p7vq · CVE-2018-19352, PYSEC-2018-18 Jupyter Notebook XSS via directory name
Modified: 9/27/2024
package
PyPI / notebook
pkg:pypi/notebook
HIGH 7.6 PyPI
GHSA-44cc-43rp-5947 · BIT-jupyter-base-notebook-2024-22421, BIT-jupyter-notebook-2024-22421 JupyterLab vulnerable to potential authentication and CSRF tokens leak
Modified: 2/20/2024
HIGH 7.4 PyPI
GHSA-4952-p58q-6crx · BIT-jupyterlab-2021-32797, CVE-2021-32797 JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
Modified: 3/13/2026
MEDIUM 6.1 PyPI
GHSA-49qr-xh3w-h436 · CVE-2018-19351, PYSEC-2018-17 Jupyter Notebook XSS via untrusted notebooks
Modified: 9/27/2024
MEDIUM 6.5 PyPI
GHSA-4m77-cmpx-vjc4 · BIT-jupyter-base-notebook-2024-22420, BIT-jupyter-notebook-2024-22420 JupyterLab vulnerable to SXSS in Markdown Preview
Modified: 2/20/2024
MEDIUM 6.1 PyPI
GHSA-4vwq-x64q-j4cj · CVE-2015-6938, PYSEC-2015-24 Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Modified: 9/23/2024
HIGH 7.8 PyPI
GHSA-6cwv-x26c-w2q4 · CVE-2018-8768, PYSEC-2018-57 Jupyter Notebook file bypasses sanitization, executes JavaScript
Modified: 12/7/2024
CRITICAL 9.8 PyPI
GHSA-92mr-v722-f48m · CVE-2015-7337, PYSEC-2015-25 Improper Input Validation in Jupyter Notebook
Modified: 9/20/2024
HIGH 7.6 PyPI
GHSA-9q39-rmj3-p4r2 · BIT-jupyter-base-notebook-2024-43805, BIT-jupyter-notebook-2024-43805 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
Modified: 8/30/2024
MEDIUM 4.4 PyPI
GHSA-c7vm-f5p4-8fqh · BIT-jupyter-base-notebook-2020-26215, BIT-jupyter-notebook-2020-26215 Open redirect in Jupyter Notebook
Modified: 3/13/2026
MEDIUM 5.4 PyPI
GHSA-hhx8-cr55-qcxx · CVE-2019-9644, PYSEC-2019-159 Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Modified: 9/26/2024
CRITICAL 10.0 PyPI
GHSA-hwvq-6gjx-j797 · BIT-jupyter-base-notebook-2021-32798, BIT-jupyter-notebook-2021-32798 Special Element Injection in notebook
Modified: 3/13/2026
MEDIUM 5.3 PyPI
GHSA-jqwc-jm56-wcwj · CVE-2018-21030, PYSEC-2019-157 Cross-site scripting in Jupyter Notebook
Modified: 10/7/2024
HIGH 7.5 PyPI
GHSA-m87f-39q9-6f55 · BIT-jupyter-base-notebook-2022-24758, BIT-jupyter-notebook-2022-24758 Sensitive Auth & Cookie data stored in Jupyter server logs
Modified: 12/6/2023
HIGH PyPI
GHSA-mqcg-5x36-vfcg · BIT-jupyter-base-notebook-2026-42557, BIT-jupyter-notebook-2026-42557 JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
Modified: 5/15/2026
MEDIUM 6.1 PyPI
GHSA-rcx2-m7jp-p9wj · CVE-2019-10856, PYSEC-2019-158 Jupyter Notebook open redirect vulnerability
Modified: 9/26/2024
MEDIUM 6.1 PyPI
GHSA-rv62-4pmj-xw6h · CVE-2019-10255 Open Redirect vulnerability in jupyterhub and notebook
Modified: 2/18/2024
MEDIUM 4.3 PyPI
GHSA-v7vq-3x77-87vg · BIT-jupyter-base-notebook-2022-29238, BIT-jupyter-notebook-2022-29238 Token bruteforcing.
Modified: 12/6/2023
— PyPI
PYSEC-2015-26 · CVE-2015-6938, GHSA-4vwq-x64q-j4cj Modified: 11/8/2023
— PyPI
PYSEC-2015-27 · CVE-2015-7337, GHSA-92mr-v722-f48m Modified: 11/8/2023
— PyPI
PYSEC-2018-17 · CVE-2018-19351, GHSA-49qr-xh3w-h436 Modified: 11/8/2023
— PyPI
PYSEC-2018-18 · CVE-2018-19352, GHSA-3p4q-x8f3-p7vq Modified: 11/8/2023
— PyPI
PYSEC-2018-57 · CVE-2018-8768, GHSA-6cwv-x26c-w2q4 Modified: 11/8/2023
— PyPI
PYSEC-2019-157 · CVE-2018-21030, GHSA-jqwc-jm56-wcwj Modified: 11/8/2023
— PyPI
PYSEC-2019-158 · CVE-2019-10856, GHSA-rcx2-m7jp-p9wj Modified: 11/8/2023
— PyPI
PYSEC-2019-159 · CVE-2019-9644, GHSA-hhx8-cr55-qcxx Modified: 11/8/2023
— PyPI
PYSEC-2020-215 · BIT-jupyter-base-notebook-2020-26215, BIT-jupyter-notebook-2020-26215 Modified: 10/9/2025
— PyPI
PYSEC-2021-118 · BIT-jupyter-base-notebook-2021-32798, BIT-jupyter-notebook-2021-32798 Modified: 12/6/2023
— PyPI
PYSEC-2022-180 · BIT-jupyter-base-notebook-2022-24758, BIT-jupyter-notebook-2022-24758 Modified: 10/9/2025
— PyPI
PYSEC-2022-212 · BIT-jupyter-base-notebook-2022-29238, BIT-jupyter-notebook-2022-29238 Modified: 10/9/2025
HIGH npm PyPI
GHSA-rch3-82jr-f9w9 · BIT-jupyter-base-notebook-2026-40171, BIT-jupyter-notebook-2026-40171 Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
Modified: 5/11/2026