jupyter-server
PyPI12 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting jupyter-serverpage 1 of 1
- CVE-2020-26232MEDIUMCVSS 4.1EG 4.1✓ Fixed in 1.0.62020-11-24
vulnerable: 0.0.0 ... 1.0.5 (34 versions)
Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciou…
- CVE-2020-26275MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.1.12020-12-21
vulnerable: 0.0.0 ... 1.1.0 (41 versions)
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability co…
- CVE-2022-24757HIGHCVSS 7.5EG 7.5✓ Fixed in 1.15.42022-03-23
vulnerable: 0.0.0 ... 1.9.0 (82 versions)
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is…
- CVE-2022-29241HIGHCVSS 7.1EG 7.1✓ Fixed in 1.17.02022-06-14
vulnerable: 0.0.0 ... 1.9.0 (86 versions)
Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the …
- CVE-2023-39968MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.7.22023-08-28
vulnerable: 0.0.0 ... 2.7.1 (132 versions)
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary site…
- CVE-2023-40170MEDIUMCVSS 4.6EG 4.6✓ Fixed in 2.7.22023-08-28
vulnerable: 0.0.0 ... 2.7.1 (132 versions)
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab"…
- CVE-2023-49080LOWCVSS 3.5EG 3.5✓ Fixed in 2.11.22023-12-04
vulnerable: 0.0.0 ... 2.9.1 (141 versions)
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user includ…
- CVE-2024-35178HIGHCVSS 7.5EG 7.5✓ Fixed in 2.14.12024-06-06
vulnerable: 0.0.0 ... 2.9.1 (150 versions)
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attack…
- CVE-2025-61669MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.18.02026-05-05
vulnerable: 0.0.0 ... 2.9.1 (155 versions)
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to…
- CVE-2026-35397HIGHCVSS 8.8EG 8.8✓ Fixed in 2.18.02026-05-05
vulnerable: 0.0.0 ... 2.9.1 (155 versions)
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose …
- CVE-2026-40110HIGHCVSS 7.3EG 7.3✓ Fixed in 2.18.02026-05-05
vulnerable: 0.0.0 ... 2.9.1 (155 versions)
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match(…
- CVE-2026-40934MEDIUMCVSS 6.8EG 6.8✓ Fixed in 2.18.02026-05-05
vulnerable: 0.0.0 ... 2.9.1 (155 versions)
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never r…
Check whether jupyter-server is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for jupyter-server CVEs against the assets you own.
Start Free Scan →