Jupyter Jupyterlab vulnerabilities
6 known vulnerabilities affecting jupyter/jupyterlab.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM3LOW1
Vulnerabilities
Page 1 of 1
CVE-2025-59842LOWCVSS 2.1fixed in 4.4.82025-09-26
CVE-2025-59842 [LOW] CWE-1022 CVE-2025-59842: jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jup
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute. This is deemed to have no impact on the default in
nvd
CVE-2024-43805MEDIUMCVSS 6.1fixed in 3.6.8≥ 4.0.0, < 4.2.52024-08-28
CVE-2024-43805 [MEDIUM] CWE-79 CVE-2024-43805: jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jup
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to
nvd
CVE-2024-39700CRITICALCVSS 9.8fixed in 4.3.02024-07-16
CVE-2024-39700 [CRITICAL] CWE-94 CVE-2024-39700: JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories create
JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to
nvd
CVE-2024-22421MEDIUMCVSS 6.5fixed in 3.6.7≥ 4.0.0, < 4.0.112024-01-19
CVE-2024-22421 [MEDIUM] CWE-23 CVE-2024-22421: JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jup
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6
nvd
CVE-2024-22420MEDIUMCVSS 6.1≥ 4.0.0, < 4.0.112024-01-19
CVE-2024-22420 [MEDIUM] CWE-79 CVE-2024-22420: JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jup
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary
nvd
CVE-2021-32797CRITICALCVSS 9.6fixed in 1.2.21≥ 2.0.0, < 2.2.10+3 more2021-08-09
CVE-2021-32797 [CRITICAL] CWE-79 CVE-2021-32797: JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html ``. Using this it is possible to trigger the form validation outside of the form itself. This is a rem
nvd