
Jupyter-Server Jupyter Server vulnerabilities

12 known vulnerabilities affecting jupyter-server/jupyter_server.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 7

Vulnerabilities

CVE-2026-35397 (P2, HIGH, CVSS 8.8, fixed in 2.18.0, 2026-05-05)
  CWE-22: Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access
  Source: nvd
CVE-2022-29241 (P3, HIGH, CVSS 8.8, fixed in 1.17.1, 2022-06-14)
  CWE-200: Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at star
  Source: nvd
CVE-2024-35178 (P3, HIGH, CVSS 7.5, fixed in 2.14.1, 2024-06-06)
  CWE-200: The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other networ
  Sources: ghsa, nvd
CVE-2026-40934 (P3, MEDIUM, CVSS 6.8, fixed in 2.18.0, 2026-05-05)
  CWE-613: Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued auth
  Source: nvd
CVE-2022-24757 (P3, HIGH, CVSS 7.5, fixed in 1.15.4, 2022-03-23)
  CWE-532: The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering th
  Source: nvd
CVE-2026-40110 (P3, HIGH, CVSS 7.3, affects ≤ 2.17.0, 2026-05-05)
  CWE-777: Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a tr
  Source: nvd
CVE-2025-61669 (P4, MEDIUM, CVSS 6.1, affects ≤ 2.17.0, 2026-05-05)
  CWE-601: Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redi
  Source: nvd
CVE-2026-44727 (P4, MEDIUM, CVSS 5.4, fixed in 2.20, 2026-06-22)
  CWE-79: Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload i
  Source: nvd
CVE-2023-39968 (P4, MEDIUM, CVSS 6.1, fixed in 2.7.2, 2023-08-28)
  CWE-601: jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259`
  Source: nvd
CVE-2023-40170 (P4, MEDIUM, CVSS 6.1, fixed in 2.7.2, 2023-08-28)
  CWE-284: jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are adv
  Source: nvd
CVE-2020-26275 (P4, MEDIUM, CVSS 6.1, fixed in 1.1.1, 2020-12-21)
  CWE-601: The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers runni
  Source: nvd
CVE-2023-49080 (P4, MEDIUM, CVSS 4.3, fixed in 2.11.2, 2023-12-04)
  CWE-209: The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger the
  Source: nvd