Lfnovo Open-Notebook vulnerabilities
4 known vulnerabilities affecting lfnovo/open-notebook.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-33587P2CRITICALCVSS 10.0fixed in 1.8.42026-05-07
CVE-2026-33587 [CRITICAL] CWE-20 CVE-2026-33587: Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Pytho
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
nvd
CVE-2026-33588P3HIGHCVSS 8.1fixed in 1.8.42026-05-07
CVE-2026-33588 [HIGH] CWE-20 CVE-2026-33588: Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the ap
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
nvd
CVE-2026-28201P3HIGHCVSS 7.8fixed in 1.8.32026-05-07
CVE-2026-28201 [HIGH] CWE-20 CVE-2026-28201: An improper input validation, together with an overly permissive default CORS configuration in Open
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.
nvd
CVE-2026-33589P3MEDIUMCVSS 6.5fixed in 1.8.42026-05-07
CVE-2026-33589 [MEDIUM] CWE-20 CVE-2026-33589: Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the ap
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
nvd