Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62320?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62320?format=api", "purl": "pkg:pypi/jupyterhub@1.0.0", "type": "pypi", "namespace": "", "name": "jupyterhub", "version": "1.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.4.5", "latest_non_vulnerable_version": "5.4.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57356?format=api", "vulnerability_id": "VCID-7tnx-wrk3-w3bs", "summary": "JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users.\nIn effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32217", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32233", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32032", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41942" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2024-200.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2024-200.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078344", "reference_id": "1078344", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078344" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/commit/99e2720b0fc626cbeeca3c6337f917fdacfaa428", "reference_id": "99e2720b0fc626cbeeca3c6337f917fdacfaa428", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:16:29Z/" } ], "url": "https://github.com/jupyterhub/jupyterhub/commit/99e2720b0fc626cbeeca3c6337f917fdacfaa428" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41942", "reference_id": "CVE-2024-41942", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41942" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/commit/ff2db557a85b6980f90c3158634bf924063ab8ba", "reference_id": "ff2db557a85b6980f90c3158634bf924063ab8ba", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:16:29Z/" } ], "url": "https://github.com/jupyterhub/jupyterhub/commit/ff2db557a85b6980f90c3158634bf924063ab8ba" }, { "reference_url": "https://github.com/advisories/GHSA-9x4q-3gxw-849f", "reference_id": "GHSA-9x4q-3gxw-849f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9x4q-3gxw-849f" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f", "reference_id": "GHSA-9x4q-3gxw-849f", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:16:29Z/" } ], "url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32940?format=api", "purl": "pkg:pypi/jupyterhub@4.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w47-6dx6-auab" }, { "vulnerability": "VCID-ke6t-cnks-kkht" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/32939?format=api", "purl": "pkg:pypi/jupyterhub@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w47-6dx6-auab" }, { "vulnerability": "VCID-ke6t-cnks-kkht" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@5.1.0" } ], "aliases": [ "BIT-jupyterhub-2024-41942", "CVE-2024-41942", "GHSA-9x4q-3gxw-849f", "PYSEC-2024-200" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tnx-wrk3-w3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40031?format=api", "vulnerability_id": "VCID-e6ku-5pdp-8yd1", "summary": "JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29225", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29206", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29003", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28233" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070388", "reference_id": "1070388", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070388" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28233", "reference_id": "CVE-2024-28233", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28233" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/commit/e2798a088f5ad45340fe79cdf1386198e664f77f", "reference_id": "e2798a088f5ad45340fe79cdf1386198e664f77f", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T14:36:04Z/" } ], "url": "https://github.com/jupyterhub/jupyterhub/commit/e2798a088f5ad45340fe79cdf1386198e664f77f" }, { "reference_url": "https://github.com/advisories/GHSA-7r3h-4ph8-w38g", "reference_id": "GHSA-7r3h-4ph8-w38g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7r3h-4ph8-w38g" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g", "reference_id": "GHSA-7r3h-4ph8-w38g", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T14:36:04Z/" } ], "url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30087?format=api", "purl": "pkg:pypi/jupyterhub@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7tnx-wrk3-w3bs" }, { "vulnerability": "VCID-7w47-6dx6-auab" }, { "vulnerability": "VCID-ke6t-cnks-kkht" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@4.1.0" } ], "aliases": [ "CVE-2024-28233", "GHSA-7r3h-4ph8-w38g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ku-5pdp-8yd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217537?format=api", "vulnerability_id": "VCID-f291-pudw-wfa3", "summary": "JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43857", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.44011", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.44031", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41247" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-386.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-386.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41247", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41247" }, { "reference_url": "https://github.com/advisories/GHSA-cw7p-q79f-m2v7", "reference_id": "GHSA-cw7p-q79f-m2v7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cw7p-q79f-m2v7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67455?format=api", "purl": "pkg:pypi/jupyterhub@1.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7tnx-wrk3-w3bs" }, { "vulnerability": "VCID-e6ku-5pdp-8yd1" }, { "vulnerability": "VCID-ke6t-cnks-kkht" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.5.0" } ], "aliases": [ "BIT-jupyterhub-2021-41247", "CVE-2021-41247", "GHSA-cw7p-q79f-m2v7", "PYSEC-2021-386" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f291-pudw-wfa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77928?format=api", "vulnerability_id": "VCID-ke6t-cnks-kkht", "summary": "JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a JupyterHub page, bypassing JupyterHub's check to prevent this. This issue has been patched in version 5.4.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03686", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03679", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0367", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33709" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33709", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33709" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132715", "reference_id": "1132715", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132715" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/releases/tag/5.4.4", "reference_id": "5.4.4", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T17:33:39Z/" } ], "url": "https://github.com/jupyterhub/jupyterhub/releases/tag/5.4.4" }, { "reference_url": "https://github.com/advisories/GHSA-3vff-hjqv-m7h8", "reference_id": "GHSA-3vff-hjqv-m7h8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vff-hjqv-m7h8" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-3vff-hjqv-m7h8", "reference_id": "GHSA-3vff-hjqv-m7h8", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T17:33:39Z/" } ], "url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-3vff-hjqv-m7h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374205?format=api", "purl": "pkg:pypi/jupyterhub@5.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7w47-6dx6-auab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@5.4.4" } ], "aliases": [ "CVE-2026-33709", "GHSA-3vff-hjqv-m7h8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ke6t-cnks-kkht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210278?format=api", "vulnerability_id": "VCID-v9vy-ct5f-k3bn", "summary": "Cross-Site Request Forgery in JupyterHub", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31113", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31328", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3131", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36191" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/issues/3304", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub/issues/3304" }, { "reference_url": "https://github.com/jupyterhub/jupyterhub/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jupyterhub/jupyterhub/releases" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-67.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-67.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014774", "reference_id": "1014774", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014774" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36191", "reference_id": "CVE-2020-36191", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36191" }, { "reference_url": "https://github.com/advisories/GHSA-7xx3-qp5w-fw96", "reference_id": "GHSA-7xx3-qp5w-fw96", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7xx3-qp5w-fw96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22700?format=api", "purl": "pkg:pypi/jupyterhub@1.2.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7tnx-wrk3-w3bs" }, { "vulnerability": "VCID-e6ku-5pdp-8yd1" }, { "vulnerability": "VCID-f291-pudw-wfa3" }, { "vulnerability": "VCID-ke6t-cnks-kkht" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.2.0b1" } ], "aliases": [ "BIT-jupyterhub-2020-36191", "CVE-2020-36191", "GHSA-7xx3-qp5w-fw96", "PYSEC-2021-67" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9vy-ct5f-k3bn" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.0.0" }