jupyterhub-ltiauthenticator

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting jupyterhub-ltiauthenticatorpage 1 of 1

CVE-2023-25574CRITICALCVSS 10.0EG 10.0✓ Fixed in 1.4.0
2025-02-25
vulnerable: 1.3.0
`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allo…
CVE-2026-34052MEDIUMCVSS 5.9EG 5.9✓ Fixed in 1.6.3
2026-04-03
vulnerable: 0.1 ... 1.6.2 (14 versions)
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so a…

Check whether jupyterhub-ltiauthenticator is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for jupyterhub-ltiauthenticator CVEs against the assets you own.

Start Free Scan →