GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical
CVE-2024-28179
was published
for
jupyter-server-proxy
(pip)
Mar 20, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High
CVE-2024-43805
was published
for
jupyterlab
(pip)
Aug 29, 2024
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
High
CVE-2025-30370
was published
for
jupyterlab-git
(pip)
Apr 4, 2025
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
High
CVE-2025-30167
was published
for
jupyter_core
(pip)
Jun 4, 2025
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
Low
CVE-2025-59842
was published
for
jupyterlab
(pip)
Sep 26, 2025
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
High
CVE-2025-53000
was published
for
nbconvert
(pip)
Dec 18, 2025
ProTip!
Advisories are also available from the
GraphQL API