Jupyter Core vulnerabilities

CVE-2025-30167 [HIGH] CWE-427 CVE-2025-30167: Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Wind

CVE-2022-39286 [HIGH] CWE-250 CVE-2022-39286: Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this is