Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/jupyterhub@0.8.0b5
Typepypi
Namespace
Namejupyterhub
Version0.8.0b5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.5
Latest_non_vulnerable_version5.4.5
Affected_by_vulnerabilities
0
url VCID-7tnx-wrk3-w3bs
vulnerability_id VCID-7tnx-wrk3-w3bs
summary 
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users.
In effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41942
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32217
published_at 2026-06-12T12:55:00Z
1
value 0.0013
scoring_system epss
scoring_elements 0.32032
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41942
1
reference_url https://github.com/jupyterhub/jupyterhub
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyterhub/jupyterhub
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2024-200.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2024-200.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078344
reference_id 1078344
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078344
4
reference_url https://github.com/jupyterhub/jupyterhub/commit/99e2720b0fc626cbeeca3c6337f917fdacfaa428
reference_id 99e2720b0fc626cbeeca3c6337f917fdacfaa428
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:16:29Z/
url https://github.com/jupyterhub/jupyterhub/commit/99e2720b0fc626cbeeca3c6337f917fdacfaa428
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41942
reference_id CVE-2024-41942
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41942
6
reference_url https://github.com/jupyterhub/jupyterhub/commit/ff2db557a85b6980f90c3158634bf924063ab8ba
reference_id ff2db557a85b6980f90c3158634bf924063ab8ba
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:16:29Z/
url https://github.com/jupyterhub/jupyterhub/commit/ff2db557a85b6980f90c3158634bf924063ab8ba
7
reference_url https://github.com/advisories/GHSA-9x4q-3gxw-849f
reference_id GHSA-9x4q-3gxw-849f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9x4q-3gxw-849f
8
reference_url https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f
reference_id GHSA-9x4q-3gxw-849f
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:16:29Z/
url https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f
fixed_packages
0
url pkg:pypi/jupyterhub@4.1.6
purl pkg:pypi/jupyterhub@4.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7w47-6dx6-auab
1
vulnerability VCID-ke6t-cnks-kkht
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@4.1.6
1
url pkg:pypi/jupyterhub@5.1.0
purl pkg:pypi/jupyterhub@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7w47-6dx6-auab
1
vulnerability VCID-ke6t-cnks-kkht
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@5.1.0
aliases BIT-jupyterhub-2024-41942, CVE-2024-41942, GHSA-9x4q-3gxw-849f, PYSEC-2024-200
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tnx-wrk3-w3bs
1
url VCID-e6ku-5pdp-8yd1
vulnerability_id VCID-e6ku-5pdp-8yd1
summary JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28233
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.29206
published_at 2026-06-12T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.29003
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28233
1
reference_url https://github.com/jupyterhub/jupyterhub
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyterhub/jupyterhub
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070388
reference_id 1070388
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070388
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28233
reference_id CVE-2024-28233
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28233
4
reference_url https://github.com/jupyterhub/jupyterhub/commit/e2798a088f5ad45340fe79cdf1386198e664f77f
reference_id e2798a088f5ad45340fe79cdf1386198e664f77f
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T14:36:04Z/
url https://github.com/jupyterhub/jupyterhub/commit/e2798a088f5ad45340fe79cdf1386198e664f77f
5
reference_url https://github.com/advisories/GHSA-7r3h-4ph8-w38g
reference_id GHSA-7r3h-4ph8-w38g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7r3h-4ph8-w38g
6
reference_url https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g
reference_id GHSA-7r3h-4ph8-w38g
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-15T14:36:04Z/
url https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g
fixed_packages
0
url pkg:pypi/jupyterhub@4.1.0
purl pkg:pypi/jupyterhub@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7tnx-wrk3-w3bs
1
vulnerability VCID-7w47-6dx6-auab
2
vulnerability VCID-ke6t-cnks-kkht
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@4.1.0
aliases CVE-2024-28233, GHSA-7r3h-4ph8-w38g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ku-5pdp-8yd1
2
url VCID-ke6t-cnks-kkht
vulnerability_id VCID-ke6t-cnks-kkht
summary JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a JupyterHub page, bypassing JupyterHub's check to prevent this. This issue has been patched in version 5.4.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33709
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.0367
published_at 2026-06-11T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03686
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33709
1
reference_url https://github.com/jupyterhub/jupyterhub
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyterhub/jupyterhub
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33709
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33709
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132715
reference_id 1132715
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132715
4
reference_url https://github.com/jupyterhub/jupyterhub/releases/tag/5.4.4
reference_id 5.4.4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T17:33:39Z/
url https://github.com/jupyterhub/jupyterhub/releases/tag/5.4.4
5
reference_url https://github.com/advisories/GHSA-3vff-hjqv-m7h8
reference_id GHSA-3vff-hjqv-m7h8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vff-hjqv-m7h8
6
reference_url https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-3vff-hjqv-m7h8
reference_id GHSA-3vff-hjqv-m7h8
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T17:33:39Z/
url https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-3vff-hjqv-m7h8
fixed_packages
0
url pkg:pypi/jupyterhub@5.4.4
purl pkg:pypi/jupyterhub@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7w47-6dx6-auab
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@5.4.4
aliases CVE-2026-33709, GHSA-3vff-hjqv-m7h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ke6t-cnks-kkht
3
url VCID-n6a3-8x5p-2qby
vulnerability_id VCID-n6a3-8x5p-2qby
summary Open Redirect vulnerability in jupyterhub and notebook
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10255
reference_id
reference_type
scores
0
value 0.00462
scoring_system epss
scoring_elements 0.64612
published_at 2026-06-11T12:55:00Z
1
value 0.00462
scoring_system epss
scoring_elements 0.64715
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10255
1
reference_url https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10255
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10255
3
reference_url https://github.com/jupyter/notebook
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter/notebook
4
reference_url https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
5
reference_url https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
6
reference_url https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed
7
reference_url https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925939
reference_id 925939
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925939
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10255
reference_id CVE-2019-10255
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10255
14
reference_url https://github.com/advisories/GHSA-rv62-4pmj-xw6h
reference_id GHSA-rv62-4pmj-xw6h
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rv62-4pmj-xw6h
15
reference_url https://usn.ubuntu.com/5585-1/
reference_id USN-5585-1
reference_type
scores
url https://usn.ubuntu.com/5585-1/
fixed_packages
0
url pkg:pypi/jupyterhub@0.9.6
purl pkg:pypi/jupyterhub@0.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7tnx-wrk3-w3bs
1
vulnerability VCID-e6ku-5pdp-8yd1
2
vulnerability VCID-ke6t-cnks-kkht
3
vulnerability VCID-v9vy-ct5f-k3bn
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@0.9.6
aliases CVE-2019-10255, GHSA-rv62-4pmj-xw6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6a3-8x5p-2qby
4
url VCID-v9vy-ct5f-k3bn
vulnerability_id VCID-v9vy-ct5f-k3bn
summary Cross-Site Request Forgery in JupyterHub
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36191
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31113
published_at 2026-06-11T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.3131
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36191
1
reference_url https://github.com/jupyterhub/jupyterhub
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyterhub/jupyterhub
2
reference_url https://github.com/jupyterhub/jupyterhub/issues/3304
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyterhub/jupyterhub/issues/3304
3
reference_url https://github.com/jupyterhub/jupyterhub/releases
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyterhub/jupyterhub/releases
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-67.yaml
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-67.yaml
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014774
reference_id 1014774
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014774
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36191
reference_id CVE-2020-36191
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36191
7
reference_url https://github.com/advisories/GHSA-7xx3-qp5w-fw96
reference_id GHSA-7xx3-qp5w-fw96
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7xx3-qp5w-fw96
fixed_packages
0
url pkg:pypi/jupyterhub@1.2.0b1
purl pkg:pypi/jupyterhub@1.2.0b1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7tnx-wrk3-w3bs
1
vulnerability VCID-e6ku-5pdp-8yd1
2
vulnerability VCID-f291-pudw-wfa3
3
vulnerability VCID-ke6t-cnks-kkht
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.2.0b1
aliases BIT-jupyterhub-2020-36191, CVE-2020-36191, GHSA-7xx3-qp5w-fw96, PYSEC-2021-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9vy-ct5f-k3bn
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@0.8.0b5