Every CVE whose affected-product data names Jupyter Notebook, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2021-32798 — CVSS 10.0 (critical): The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute…
CVE-2026-42557 — CVSS 9.6 (critical): jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to…
CVE-2018-8768 — CVSS 7.8 (high): In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context…
CVE-2024-43805 — CVSS 7.6 (high): jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This…
CVE-2024-22421 — CVSS 7.6 (high): JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users…
CVE-2022-24758 — CVSS 7.5 (high): The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access…
CVE-2015-7337 — CVSS 6.8 (medium): The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript…
CVE-2024-22420 — CVSS 6.5 (medium): JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This…
CVE-2019-10856 — CVSS 6.1 (medium): In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for…
CVE-2019-10255 — CVSS 6.1 (medium): An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before…
CVE-2018-19352 — CVSS 6.1 (medium): Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs…
CVE-2018-19351 — CVSS 6.1 (medium): Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as…
CVE-2019-9644 — CVSS 5.4 (medium): An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited…
CVE-2018-21030 — CVSS 5.3 (medium): Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS…
CVE-2020-26215 — CVSS 4.4 (medium): Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect…
CVE-2022-29238 — CVSS 4.3 (medium): Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the…
CVE-2015-6938 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter…