Jupyter Jupyter Server — known CVE vulnerabilities
Every CVE whose affected-product data names Jupyter Jupyter Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2026-35397 — CVSS 8.8 (high): Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API…
CVE-2026-6657 — CVSS 8.8 (high): A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the…
CVE-2026-5422 — CVSS 8.1 (high): A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the…
CVE-2024-35178 — CVSS 7.5 (high): The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets…
CVE-2022-24757 — CVSS 7.5 (high): The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version…
CVE-2026-40110 — CVSS 7.3 (high): Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's…
CVE-2022-29241 — CVSS 7.1 (high): Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook…
CVE-2026-40934 — CVSS 6.8 (medium): Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies…
CVE-2020-26275 — CVSS 6.1 (medium): The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter…
CVE-2025-61669 — CVSS 6.1 (medium): Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the…
CVE-2026-44727 — CVSS 5.4 (medium): Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render…
CVE-2023-40170 — CVSS 4.6 (medium): jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of…
CVE-2023-39968 — CVSS 4.3 (medium): jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter…
CVE-2020-26232 — CVSS 4.1 (medium): Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the…
CVE-2023-49080 — CVSS 3.5 (low): The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter…