Jupyter Nbconvert vulnerabilities

CVE-2025-53000 [HIGH] CWE-427 CVE-2025-53000: The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` fi

CVE-2021-32862 [MEDIUM] CWE-79 CVE-2021-32862: The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in n The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbv