Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/jupyter-server@1.13.4
Typepypi
Namespace
Namejupyter-server
Version1.13.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.18.0
Latest_non_vulnerable_version2.18.0
Affected_by_vulnerabilities
0
url VCID-2xu1-csu9-eufd
vulnerability_id VCID-2xu1-csu9-eufd
summary Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40110.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40110.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40110
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02391
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40110
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40110
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40110
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40110
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40110
5
reference_url https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea
reference_id 057869a327c46730afede3eab0ca2d2e3e74acea
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:47Z/
url https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
reference_id 1136022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2466912
reference_id 2466912
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2466912
8
reference_url https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8
reference_id 49b34392feaa97735b3b777e3baf8f22f2a14ed8
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:47Z/
url https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8
9
reference_url https://github.com/jupyter-server/jupyter_server/pull/603
reference_id 603
reference_type
scores
0
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:47Z/
url https://github.com/jupyter-server/jupyter_server/pull/603
10
reference_url https://github.com/advisories/GHSA-24qx-w28j-9m6p
reference_id GHSA-24qx-w28j-9m6p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24qx-w28j-9m6p
11
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p
reference_id GHSA-24qx-w28j-9m6p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:47Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p
fixed_packages
0
url pkg:pypi/jupyter-server@2.18.0
purl pkg:pypi/jupyter-server@2.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.18.0
aliases CVE-2026-40110, GHSA-24qx-w28j-9m6p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xu1-csu9-eufd
1
url VCID-4hjb-94e3-fbfg
vulnerability_id VCID-4hjb-94e3-fbfg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40170
reference_id
reference_type
scores
0
value 0.00722
scoring_system epss
scoring_elements 0.72974
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40170
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40170
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40170
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-157.yaml
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-157.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40170
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40170
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057097
reference_id 1057097
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057097
9
reference_url https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd
reference_id 87a4927272819f0b1cae1afa4c8c86ee2da002fd
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:22Z/
url https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd
10
reference_url https://github.com/advisories/GHSA-64x5-55rw-9974
reference_id GHSA-64x5-55rw-9974
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64x5-55rw-9974
11
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
reference_id GHSA-64x5-55rw-9974
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:22Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
reference_id NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
reference_id XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
fixed_packages
0
url pkg:pypi/jupyter-server@2.7.2
purl pkg:pypi/jupyter-server@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xu1-csu9-eufd
1
vulnerability VCID-55ne-wp17-bkcp
2
vulnerability VCID-6nem-qztd-4qf6
3
vulnerability VCID-8aa7-2dbq-3yd1
4
vulnerability VCID-hcgc-qph4-8yc7
5
vulnerability VCID-phff-yd2b-wyhe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.7.2
aliases CVE-2023-40170, GHSA-64x5-55rw-9974, PYSEC-2023-157
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hjb-94e3-fbfg
2
url VCID-55ne-wp17-bkcp
vulnerability_id VCID-55ne-wp17-bkcp
summary Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued authentication cookie remains cryptographically valid because the signing key has not changed. An attacker who has captured a session cookie through any means retains full authenticated access to the server regardless of subsequent password changes. This affects deployments using password-based authentication, particularly shared or public-facing servers where credential rotation is expected to revoke existing sessions. This issue has been fixed in version 2.18.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40934.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40934.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40934
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06008
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40934
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40934
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-69.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-69.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40934
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40934
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
reference_id 1136022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2466909
reference_id 2466909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2466909
8
reference_url https://github.com/advisories/GHSA-5mrq-x3x5-8v8f
reference_id GHSA-5mrq-x3x5-8v8f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mrq-x3x5-8v8f
9
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f
reference_id GHSA-5mrq-x3x5-8v8f
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T03:55:46Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f
fixed_packages
0
url pkg:pypi/jupyter-server@2.18.0
purl pkg:pypi/jupyter-server@2.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.18.0
aliases CVE-2026-40934, GHSA-5mrq-x3x5-8v8f, PYSEC-2026-69
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55ne-wp17-bkcp
3
url VCID-5atx-dwn5-r3g9
vulnerability_id VCID-5atx-dwn5-r3g9
summary Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29241
reference_id
reference_type
scores
0
value 0.00268
scoring_system epss
scoring_elements 0.50543
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29241
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29241
2
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
3
reference_url https://github.com/jupyter-server/jupyter_server/commit/3485007abbb459585357212dcaa20521989272e8
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server/commit/3485007abbb459585357212dcaa20521989272e8
4
reference_url https://github.com/jupyter-server/jupyter_server/commit/877da10cd0d7ae45f8b1e385fa1f5a335e7adf1f
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server/commit/877da10cd0d7ae45f8b1e385fa1f5a335e7adf1f
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2022-211.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2022-211.yaml
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013271
reference_id 1013271
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013271
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29241
reference_id CVE-2022-29241
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29241
8
reference_url https://github.com/advisories/GHSA-q874-g24w-4q9g
reference_id GHSA-q874-g24w-4q9g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q874-g24w-4q9g
9
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
reference_id GHSA-q874-g24w-4q9g
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:23Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
fixed_packages
0
url pkg:pypi/jupyter-server@1.17.0
purl pkg:pypi/jupyter-server@1.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xu1-csu9-eufd
1
vulnerability VCID-4hjb-94e3-fbfg
2
vulnerability VCID-55ne-wp17-bkcp
3
vulnerability VCID-6nem-qztd-4qf6
4
vulnerability VCID-8aa7-2dbq-3yd1
5
vulnerability VCID-hcgc-qph4-8yc7
6
vulnerability VCID-phff-yd2b-wyhe
7
vulnerability VCID-v5ta-kjn9-cygu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@1.17.0
1
url pkg:pypi/jupyter-server@1.17.1
purl pkg:pypi/jupyter-server@1.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xu1-csu9-eufd
1
vulnerability VCID-4hjb-94e3-fbfg
2
vulnerability VCID-55ne-wp17-bkcp
3
vulnerability VCID-6nem-qztd-4qf6
4
vulnerability VCID-8aa7-2dbq-3yd1
5
vulnerability VCID-hcgc-qph4-8yc7
6
vulnerability VCID-phff-yd2b-wyhe
7
vulnerability VCID-v5ta-kjn9-cygu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@1.17.1
2
url pkg:pypi/jupyter-server@2.0.0a1
purl pkg:pypi/jupyter-server@2.0.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xu1-csu9-eufd
1
vulnerability VCID-4hjb-94e3-fbfg
2
vulnerability VCID-55ne-wp17-bkcp
3
vulnerability VCID-6nem-qztd-4qf6
4
vulnerability VCID-8aa7-2dbq-3yd1
5
vulnerability VCID-hcgc-qph4-8yc7
6
vulnerability VCID-phff-yd2b-wyhe
7
vulnerability VCID-v5ta-kjn9-cygu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.0.0a1
aliases CVE-2022-29241, GHSA-q874-g24w-4q9g, PYSEC-2022-211
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5atx-dwn5-r3g9
4
url VCID-6nem-qztd-4qf6
vulnerability_id VCID-6nem-qztd-4qf6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35178
reference_id
reference_type
scores
0
value 0.01506
scoring_system epss
scoring_elements 0.81575
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35178
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2024-165.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2024-165.yaml
4
reference_url https://github.com/jupyter-server/jupyter_server/commit/79fbf801c5908f4d1d9bc90004b74cfaaeeed2df
reference_id 79fbf801c5908f4d1d9bc90004b74cfaaeeed2df
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-06T17:41:02Z/
url https://github.com/jupyter-server/jupyter_server/commit/79fbf801c5908f4d1d9bc90004b74cfaaeeed2df
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35178
reference_id CVE-2024-35178
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35178
6
reference_url https://github.com/advisories/GHSA-hrw6-wg82-cm62
reference_id GHSA-hrw6-wg82-cm62
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrw6-wg82-cm62
7
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-hrw6-wg82-cm62
reference_id GHSA-hrw6-wg82-cm62
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-06T17:41:02Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-hrw6-wg82-cm62
fixed_packages
0
url pkg:pypi/jupyter-server@2.14.1
purl pkg:pypi/jupyter-server@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xu1-csu9-eufd
1
vulnerability VCID-55ne-wp17-bkcp
2
vulnerability VCID-hcgc-qph4-8yc7
3
vulnerability VCID-phff-yd2b-wyhe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.14.1
aliases CVE-2024-35178, GHSA-hrw6-wg82-cm62, PYSEC-2024-165
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6nem-qztd-4qf6
5
url VCID-8aa7-2dbq-3yd1
vulnerability_id VCID-8aa7-2dbq-3yd1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49080
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.47011
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49080
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49080
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49080
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652
5
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-272.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-272.yaml
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49080
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49080
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057454
reference_id 1057454
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057454
13
reference_url https://github.com/advisories/GHSA-h56g-gq9v-vc8r
reference_id GHSA-h56g-gq9v-vc8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h56g-gq9v-vc8r
fixed_packages
0
url pkg:pypi/jupyter-server@2.11.2
purl pkg:pypi/jupyter-server@2.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xu1-csu9-eufd
1
vulnerability VCID-55ne-wp17-bkcp
2
vulnerability VCID-6nem-qztd-4qf6
3
vulnerability VCID-hcgc-qph4-8yc7
4
vulnerability VCID-phff-yd2b-wyhe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.11.2
aliases CVE-2023-49080, GHSA-h56g-gq9v-vc8r, PYSEC-2023-272
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8aa7-2dbq-3yd1
6
url VCID-ewea-t6sx-87dw
vulnerability_id VCID-ewea-t6sx-87dw
summary The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24757
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59483
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24757
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24757
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24757
2
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2022-179.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2022-179.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008319
reference_id 1008319
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008319
5
reference_url https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a
reference_id a5683aca0b0e412672ac6218d09f74d44ca0de5a
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:26Z/
url https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24757
reference_id CVE-2022-24757
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24757
7
reference_url https://github.com/advisories/GHSA-p737-p57g-4cpr
reference_id GHSA-p737-p57g-4cpr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p737-p57g-4cpr
8
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr
reference_id GHSA-p737-p57g-4cpr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:26Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr
fixed_packages
0
url pkg:pypi/jupyter-server@1.15.4
purl pkg:pypi/jupyter-server@1.15.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xu1-csu9-eufd
1
vulnerability VCID-4hjb-94e3-fbfg
2
vulnerability VCID-55ne-wp17-bkcp
3
vulnerability VCID-5atx-dwn5-r3g9
4
vulnerability VCID-6nem-qztd-4qf6
5
vulnerability VCID-8aa7-2dbq-3yd1
6
vulnerability VCID-hcgc-qph4-8yc7
7
vulnerability VCID-phff-yd2b-wyhe
8
vulnerability VCID-v5ta-kjn9-cygu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@1.15.4
aliases CVE-2022-24757, GHSA-p737-p57g-4cpr, PYSEC-2022-179
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewea-t6sx-87dw
7
url VCID-hcgc-qph4-8yc7
vulnerability_id VCID-hcgc-qph4-8yc7
summary Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61669.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61669.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61669
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02151
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61669
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61669
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61669
3
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-67.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-67.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61669
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61669
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
reference_id 1136022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2466810
reference_id 2466810
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2466810
8
reference_url https://github.com/advisories/GHSA-qh7q-6qm3-653w
reference_id GHSA-qh7q-6qm3-653w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh7q-6qm3-653w
9
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w
reference_id GHSA-qh7q-6qm3-653w
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T20:16:38Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w
fixed_packages
0
url pkg:pypi/jupyter-server@2.18.0
purl pkg:pypi/jupyter-server@2.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.18.0
aliases CVE-2025-61669, GHSA-qh7q-6qm3-653w, PYSEC-2026-67
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcgc-qph4-8yc7
8
url VCID-phff-yd2b-wyhe
vulnerability_id VCID-phff-yd2b-wyhe
summary 
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. 

Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35397
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18559
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35397
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35397
2
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-68.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2026-68.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35397
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35397
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
reference_id 1136022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136022
6
reference_url https://github.com/advisories/GHSA-5789-5fc7-67v3
reference_id GHSA-5789-5fc7-67v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5789-5fc7-67v3
7
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3
reference_id GHSA-5789-5fc7-67v3
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-06T15:48:46Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3
fixed_packages
0
url pkg:pypi/jupyter-server@2.18.0
purl pkg:pypi/jupyter-server@2.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.18.0
aliases CVE-2026-35397, GHSA-5789-5fc7-67v3, PYSEC-2026-68
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phff-yd2b-wyhe
9
url VCID-v5ta-kjn9-cygu
vulnerability_id VCID-v5ta-kjn9-cygu
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39968
reference_id
reference_type
scores
0
value 0.0048
scoring_system epss
scoring_elements 0.65553
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39968
1
reference_url https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.xss.am/2023/08/cve-2023-39968-jupyter-token-leak
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39968
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39968
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jupyter-server/jupyter_server
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter-server/jupyter_server
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-155.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-155.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39968
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39968
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057739
reference_id 1057739
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057739
10
reference_url https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925
reference_id 290362593b2ffb23c59f8114d76f77875de4b925
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:17Z/
url https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925
11
reference_url https://github.com/advisories/GHSA-r726-vmfq-j9j3
reference_id GHSA-r726-vmfq-j9j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r726-vmfq-j9j3
12
reference_url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3
reference_id GHSA-r726-vmfq-j9j3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:17Z/
url https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
reference_id NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
reference_id XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:43:17Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
fixed_packages
0
url pkg:pypi/jupyter-server@2.7.2
purl pkg:pypi/jupyter-server@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xu1-csu9-eufd
1
vulnerability VCID-55ne-wp17-bkcp
2
vulnerability VCID-6nem-qztd-4qf6
3
vulnerability VCID-8aa7-2dbq-3yd1
4
vulnerability VCID-hcgc-qph4-8yc7
5
vulnerability VCID-phff-yd2b-wyhe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@2.7.2
aliases CVE-2023-39968, GHSA-r726-vmfq-j9j3, PYSEC-2023-155
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5ta-kjn9-cygu
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/jupyter-server@1.13.4