jupyterlab
PyPI
8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting jupyterlab
- CVE-2021-32797 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 3.1.4 | 2021-08-09
vulnerable: 0.0.1 ... 3.1.2 (294 versions)
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribu…
- CVE-2024-22420 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.0.11 | 2024-01-19
vulnerable: 4.0.0 ... 4.0.9 (11 versions)
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab previe…
- CVE-2024-22421 | HIGH | CVSS 7.6 | EG 7.6 | ✓ Fixed in 3.6.7 | 2024-01-19
vulnerable: 0.0.1 ... 3.6.6 (440 versions)
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens expo…
- CVE-2024-43805 | HIGH | CVSS 7.6 | EG 7.6 | ✓ Fixed in 4.2.5 | 2024-08-28
vulnerable: 4.0.0 ... 4.2.4 (45 versions)
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown…
- CVE-2025-59842 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 4.4.8 | 2025-09-26
vulnerable: 0.0.1 ... 4.4.7 (565 versions)
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterL…
- CVE-2026-40171 | HIGH | CVSS 8.4 | EG 8.4 | ✓ Fixed in 4.5.7 | 2026-05-06
vulnerable: 0.0.1 ... 4.5.6 (584 versions)
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting i…
- CVE-2026-42266 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 4.5.7 | 2026-05-13
vulnerable: 4.0.0 ... 4.5.6 (102 versions)
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_ex…
- CVE-2026-42557 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 4.5.7 | 2026-05-13
vulnerable: 0.0.1 ... 4.5.6 (584 versions)
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args o…