Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/jupyter-server@2.0.0a1
Typepypi
Namespace
Namejupyter-server
Version2.0.0a1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.18.0
Latest_non_vulnerable_version2.18.0
Affected_by_vulnerabilities
0
url VCID-28rs-8cqr-bybp
vulnerability_id VCID-28rs-8cqr-bybp
summary The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35178
reference_id
reference_type
scores
0
value 0.01506
scoring_system epss
scoring_elements 0.81527
published_at 2026-06-05T12:55:00Z
1
value 0.01506
scoring_system epss
scoring_elements 0.81528
published_at 2026-06-07T12:55:00Z
2
value 0.01506
scoring_system epss
scoring_elements 0.81529
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35178
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
3
reference_url https://github.com/jupyter-server/jupyter_server/commit/79fbf801c5908f4d1d9bc90004b74cfaaeeed2df
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-06T17:41:02Z/
url https://github.com/jupyter-server/jupyter_server/commit/79fbf801c5908f4d1d9bc90004b74cfaaeeed2df
4
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-hrw6-wg82-cm62
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-06T17:41:02Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-hrw6-wg82-cm62
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2024-165.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2024-165.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35178
reference_id CVE-2024-35178
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35178
7
reference_url https://github.com/advisories/GHSA-hrw6-wg82-cm62
reference_id GHSA-hrw6-wg82-cm62
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrw6-wg82-cm62
fixed_packages
0
url pkg:pypi/jupyter-server@2.14.1
purl pkg:pypi/jupyter-server@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4afw-qvxb-27eg
1
vulnerability VCID-bj7m-yew4-3qgz
2
vulnerability VCID-bnpq-rekd-ekdc
3
vulnerability VCID-pn97-fwsd-4bg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.14.1
aliases CVE-2024-35178, GHSA-hrw6-wg82-cm62, PYSEC-2024-165
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28rs-8cqr-bybp
1
url VCID-4afw-qvxb-27eg
vulnerability_id VCID-4afw-qvxb-27eg
summary Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61669.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61669.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61669
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02174
published_at 2026-06-07T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03256
published_at 2026-06-05T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03988
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61669
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61669
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61669
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T20:16:38Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-67.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-67.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61669
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61669
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
reference_id 1136022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2466810
reference_id 2466810
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2466810
9
reference_url https://github.com/advisories/GHSA-qh7q-6qm3-653w
reference_id GHSA-qh7q-6qm3-653w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh7q-6qm3-653w
fixed_packages
0
url pkg:pypi/jupyter-server@2.18.0
purl pkg:pypi/jupyter-server@2.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.18.0
aliases CVE-2025-61669, GHSA-qh7q-6qm3-653w, PYSEC-2026-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4afw-qvxb-27eg
2
url VCID-bj7m-yew4-3qgz
vulnerability_id VCID-bj7m-yew4-3qgz
summary Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued authentication cookie remains cryptographically valid because the signing key has not changed. An attacker who has captured a session cookie through any means retains full authenticated access to the server regardless of subsequent password changes. This affects deployments using password-based authentication, particularly shared or public-facing servers where credential rotation is expected to revoke existing sessions. This issue has been fixed in version 2.18.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40934.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40934.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40934
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05984
published_at 2026-06-07T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06674
published_at 2026-06-05T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07852
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40934
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40934
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:46Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-69.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-69.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40934
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40934
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
reference_id 1136022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2466909
reference_id 2466909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2466909
9
reference_url https://github.com/advisories/GHSA-5mrq-x3x5-8v8f
reference_id GHSA-5mrq-x3x5-8v8f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mrq-x3x5-8v8f
fixed_packages
0
url pkg:pypi/jupyter-server@2.18.0
purl pkg:pypi/jupyter-server@2.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.18.0
aliases CVE-2026-40934, GHSA-5mrq-x3x5-8v8f, PYSEC-2026-69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bj7m-yew4-3qgz
3
url VCID-bnpq-rekd-ekdc
vulnerability_id VCID-bnpq-rekd-ekdc
summary 
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. 

Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35397
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.1621
published_at 2026-06-05T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.1854
published_at 2026-06-07T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18578
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35397
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35397
2
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
3
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-06T15:48:46Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-68.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-68.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35397
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35397
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
reference_id 1136022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
7
reference_url https://github.com/advisories/GHSA-5789-5fc7-67v3
reference_id GHSA-5789-5fc7-67v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5789-5fc7-67v3
fixed_packages
0
url pkg:pypi/jupyter-server@2.18.0
purl pkg:pypi/jupyter-server@2.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.18.0
aliases CVE-2026-35397, GHSA-5789-5fc7-67v3, PYSEC-2026-68
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnpq-rekd-ekdc
4
url VCID-n5zr-m5c8-v7hc
vulnerability_id VCID-n5zr-m5c8-v7hc
summary The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49080
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.46983
published_at 2026-06-05T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.4694
published_at 2026-06-08T12:55:00Z
2
value 0.00237
scoring_system epss
scoring_elements 0.46969
published_at 2026-06-07T12:55:00Z
3
value 0.00237
scoring_system epss
scoring_elements 0.46986
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49080
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49080
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49080
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652
5
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-272.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-272.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I/
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057454
reference_id 1057454
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057454
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49080
reference_id CVE-2023-49080
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49080
13
reference_url https://github.com/advisories/GHSA-h56g-gq9v-vc8r
reference_id GHSA-h56g-gq9v-vc8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h56g-gq9v-vc8r
fixed_packages
0
url pkg:pypi/jupyter-server@2.11.2
purl pkg:pypi/jupyter-server@2.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28rs-8cqr-bybp
1
vulnerability VCID-4afw-qvxb-27eg
2
vulnerability VCID-bj7m-yew4-3qgz
3
vulnerability VCID-bnpq-rekd-ekdc
4
vulnerability VCID-pn97-fwsd-4bg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.11.2
aliases CVE-2023-49080, GHSA-h56g-gq9v-vc8r, PYSEC-2023-272
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5zr-m5c8-v7hc
5
url VCID-pn97-fwsd-4bg6
vulnerability_id VCID-pn97-fwsd-4bg6
summary jupyter-server: Jupyter Server: Cross-Origin Resource Sharing (CORS) bypass via improper Origin header validation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40110.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40110.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40110
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02424
published_at 2026-06-07T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03113
published_at 2026-06-05T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.0434
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40110
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40110
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40110
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:47Z/
url https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea
5
reference_url https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:47Z/
url https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8
6
reference_url https://github.com/jupyter-server/jupyter_server/pull/603
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:47Z/
url https://github.com/jupyter-server/jupyter_server/pull/603
7
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:47Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40110
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40110
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
reference_id 1136022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2466912
reference_id 2466912
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2466912
11
reference_url https://github.com/advisories/GHSA-24qx-w28j-9m6p
reference_id GHSA-24qx-w28j-9m6p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24qx-w28j-9m6p
fixed_packages
0
url pkg:pypi/jupyter-server@2.18.0
purl pkg:pypi/jupyter-server@2.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.18.0
aliases CVE-2026-40110, GHSA-24qx-w28j-9m6p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pn97-fwsd-4bg6
6
url VCID-qxjd-ybkh-dyek
vulnerability_id VCID-qxjd-ybkh-dyek
summary jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39968
reference_id
reference_type
scores
0
value 0.0048
scoring_system epss
scoring_elements 0.65497
published_at 2026-06-05T12:55:00Z
1
value 0.0048
scoring_system epss
scoring_elements 0.65484
published_at 2026-06-08T12:55:00Z
2
value 0.0048
scoring_system epss
scoring_elements 0.65495
published_at 2026-06-07T12:55:00Z
3
value 0.0048
scoring_system epss
scoring_elements 0.65507
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39968
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39968
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39968
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:17Z/
url https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925
5
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:17Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-155.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-155.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057739
reference_id 1057739
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057739
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39968
reference_id CVE-2023-39968
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39968
11
reference_url https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak
reference_id CVE-2023-39968-JUPYTER-TOKEN-LEAK
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak
12
reference_url https://github.com/advisories/GHSA-r726-vmfq-j9j3
reference_id GHSA-r726-vmfq-j9j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r726-vmfq-j9j3
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
reference_id NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
reference_id XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
fixed_packages
0
url pkg:pypi/jupyter-server@2.7.2
purl pkg:pypi/jupyter-server@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28rs-8cqr-bybp
1
vulnerability VCID-4afw-qvxb-27eg
2
vulnerability VCID-bj7m-yew4-3qgz
3
vulnerability VCID-bnpq-rekd-ekdc
4
vulnerability VCID-n5zr-m5c8-v7hc
5
vulnerability VCID-pn97-fwsd-4bg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.7.2
aliases CVE-2023-39968, GHSA-r726-vmfq-j9j3, PYSEC-2023-155
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxjd-ybkh-dyek
7
url VCID-rr3u-zpuc-dbhp
vulnerability_id VCID-rr3u-zpuc-dbhp
summary jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40170
reference_id
reference_type
scores
0
value 0.00722
scoring_system epss
scoring_elements 0.72925
published_at 2026-06-05T12:55:00Z
1
value 0.00722
scoring_system epss
scoring_elements 0.72932
published_at 2026-06-06T12:55:00Z
2
value 0.00722
scoring_system epss
scoring_elements 0.72901
published_at 2026-06-08T12:55:00Z
3
value 0.00722
scoring_system epss
scoring_elements 0.72915
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40170
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40170
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40170
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:22Z/
url https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd
5
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:22Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-157.yaml
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-157.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057097
reference_id 1057097
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057097
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40170
reference_id CVE-2023-40170
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40170
11
reference_url https://github.com/advisories/GHSA-64x5-55rw-9974
reference_id GHSA-64x5-55rw-9974
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64x5-55rw-9974
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
reference_id NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
reference_id XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
fixed_packages
0
url pkg:pypi/jupyter-server@2.7.2
purl pkg:pypi/jupyter-server@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28rs-8cqr-bybp
1
vulnerability VCID-4afw-qvxb-27eg
2
vulnerability VCID-bj7m-yew4-3qgz
3
vulnerability VCID-bnpq-rekd-ekdc
4
vulnerability VCID-n5zr-m5c8-v7hc
5
vulnerability VCID-pn97-fwsd-4bg6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.7.2
aliases CVE-2023-40170, GHSA-64x5-55rw-9974, PYSEC-2023-157
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rr3u-zpuc-dbhp
Fixing_vulnerabilities
0
url VCID-jstj-8yag-tfcj
vulnerability_id VCID-jstj-8yag-tfcj
summary Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29241
reference_id
reference_type
scores
0
value 0.00268
scoring_system epss
scoring_elements 0.50507
published_at 2026-06-06T12:55:00Z
1
value 0.00268
scoring_system epss
scoring_elements 0.50457
published_at 2026-06-08T12:55:00Z
2
value 0.00268
scoring_system epss
scoring_elements 0.50488
published_at 2026-06-07T12:55:00Z
3
value 0.00268
scoring_system epss
scoring_elements 0.505
published_at 2026-06-05T12:55:00Z
4
value 0.00268
scoring_system epss
scoring_elements 0.50439
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29241
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29241
2
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
3
reference_url https://github.com/jupyter-server/jupyter_server/commit/3485007abbb459585357212dcaa20521989272e8
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server/commit/3485007abbb459585357212dcaa20521989272e8
4
reference_url https://github.com/jupyter-server/jupyter_server/commit/877da10cd0d7ae45f8b1e385fa1f5a335e7adf1f
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server/commit/877da10cd0d7ae45f8b1e385fa1f5a335e7adf1f
5
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:23Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2022-211.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2022-211.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29241
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29241
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013271
reference_id 1013271
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013271
9
reference_url https://github.com/advisories/GHSA-q874-g24w-4q9g
reference_id GHSA-q874-g24w-4q9g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q874-g24w-4q9g
fixed_packages
0
url pkg:pypi/jupyter-server@1.17.0
purl pkg:pypi/jupyter-server@1.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28rs-8cqr-bybp
1
vulnerability VCID-4afw-qvxb-27eg
2
vulnerability VCID-bj7m-yew4-3qgz
3
vulnerability VCID-bnpq-rekd-ekdc
4
vulnerability VCID-n5zr-m5c8-v7hc
5
vulnerability VCID-pn97-fwsd-4bg6
6
vulnerability VCID-qxjd-ybkh-dyek
7
vulnerability VCID-rr3u-zpuc-dbhp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@1.17.0
1
url pkg:pypi/jupyter-server@1.17.1
purl pkg:pypi/jupyter-server@1.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28rs-8cqr-bybp
1
vulnerability VCID-4afw-qvxb-27eg
2
vulnerability VCID-bj7m-yew4-3qgz
3
vulnerability VCID-bnpq-rekd-ekdc
4
vulnerability VCID-n5zr-m5c8-v7hc
5
vulnerability VCID-pn97-fwsd-4bg6
6
vulnerability VCID-qxjd-ybkh-dyek
7
vulnerability VCID-rr3u-zpuc-dbhp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@1.17.1
2
url pkg:pypi/jupyter-server@2.0.0a1
purl pkg:pypi/jupyter-server@2.0.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28rs-8cqr-bybp
1
vulnerability VCID-4afw-qvxb-27eg
2
vulnerability VCID-bj7m-yew4-3qgz
3
vulnerability VCID-bnpq-rekd-ekdc
4
vulnerability VCID-n5zr-m5c8-v7hc
5
vulnerability VCID-pn97-fwsd-4bg6
6
vulnerability VCID-qxjd-ybkh-dyek
7
vulnerability VCID-rr3u-zpuc-dbhp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.0.0a1
aliases CVE-2022-29241, GHSA-q874-g24w-4q9g, PYSEC-2022-211
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jstj-8yag-tfcj
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.0.0a1