Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/jupyterlab@4.2.6

Type pypi

Namespace

Name jupyterlab

Version 4.2.6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.5.7

Latest_non_vulnerable_version 4.5.7

Affected_by_vulnerabilities

url VCID-ue1w-amy4-tye7

vulnerability_id VCID-ue1w-amy4-tye7

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40171

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12368
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40171

reference_url

https://github.com/jupyter/notebook

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyter/notebook

reference_url

https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:24:07Z/

url

https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9

reference_url

https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40171

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40171

reference_url

https://github.com/advisories/GHSA-rch3-82jr-f9w9

reference_id

GHSA-rch3-82jr-f9w9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rch3-82jr-f9w9

fixed_packages

url	pkg:pypi/jupyterlab@4.5.7
purl	pkg:pypi/jupyterlab@4.5.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterlab@4.5.7

aliases CVE-2026-40171, GHSA-rch3-82jr-f9w9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ue1w-amy4-tye7

url VCID-v114-tdxj-ybdu

vulnerability_id VCID-v114-tdxj-ybdu

summary JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42266

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08996
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42266

reference_url

https://github.com/jupyterlab/jupyterlab

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab

reference_url

https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-13T15:28:30Z/

url

https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7

reference_url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-13T15:28:30Z/

url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4

reference_url

https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-13T15:28:30Z/

url

https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html

reference_url

https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-13T15:28:30Z/

url

https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42266

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42266

reference_url

https://github.com/advisories/GHSA-37w4-hwhx-4rc4

reference_id

GHSA-37w4-hwhx-4rc4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-37w4-hwhx-4rc4

fixed_packages

url	pkg:pypi/jupyterlab@4.5.7
purl	pkg:pypi/jupyterlab@4.5.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterlab@4.5.7

aliases BIT-jupyterlab-2026-42266, CVE-2026-42266, GHSA-37w4-hwhx-4rc4, PYSEC-2026-164

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v114-tdxj-ybdu

url VCID-y4b2-mg5a-17gw

vulnerability_id VCID-y4b2-mg5a-17gw

summary

JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the `noopener` attribute.

This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if:
- links generated by those extensions included `target=_blank` (no such extensions are known at time of writing) and
- they were to click on a link generated in LaTeX (typically visibly different from other links).

For consistency with handling on other links, new versions of JupyterLab will enforce `noopener` and `target=_blank` on all links generated by typesetters. The former will harden the resilience of JupyterLab to extensions with lack of secure defaults in link rendering, and the latter will improve user experience by preventing accidental state loss when clicking on links rendered by LaTeX typesetters.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59842.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59842.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59842

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09717
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59842

reference_url

https://github.com/jupyterlab/jupyterlab

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab

reference_url

https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T17:36:09Z/

url

https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118967
reference_id	1118967
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118967

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2399757
reference_id	2399757
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2399757

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59842

reference_id

CVE-2025-59842

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59842

reference_url

https://github.com/advisories/GHSA-vvfj-2jqx-52jm

reference_id

GHSA-vvfj-2jqx-52jm

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vvfj-2jqx-52jm

reference_url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm

reference_id

GHSA-vvfj-2jqx-52jm

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-26T17:36:09Z/

url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm

fixed_packages

url pkg:pypi/jupyterlab@4.4.8

purl pkg:pypi/jupyterlab@4.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ue1w-amy4-tye7

vulnerability	VCID-v114-tdxj-ybdu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterlab@4.4.8

aliases CVE-2025-59842, GHSA-vvfj-2jqx-52jm

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4b2-mg5a-17gw

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterlab@4.2.6

Package Instance