Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/notebook@7.0.3

Type pypi

Namespace

Name notebook

Version 7.0.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.5.6

Latest_non_vulnerable_version 7.6.0a0

Affected_by_vulnerabilities

url VCID-5yap-6qrw-ybd9

vulnerability_id VCID-5yap-6qrw-ybd9

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22420

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.57235
published_at	2026-06-05T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.5723
published_at	2026-06-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57243
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22420

reference_url

https://github.com/jupyterlab/jupyterlab

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab

reference_url

https://github.com/jupyterlab/jupyterlab/commit/dda0033cd49449572d077bbecd33b18d8d05f48a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab/commit/dda0033cd49449572d077bbecd33b18d8d05f48a

reference_url

https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:53:23Z/

url

https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-22420

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-22420

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061221
reference_id	1061221
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061221

reference_url

https://github.com/advisories/GHSA-4m77-cmpx-vjc4

reference_id

GHSA-4m77-cmpx-vjc4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4m77-cmpx-vjc4

reference_url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4

reference_id

GHSA-4m77-cmpx-vjc4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:53:23Z/

url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/

reference_id

UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:53:23Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/

fixed_packages

url pkg:pypi/notebook@7.0.7

purl pkg:pypi/notebook@7.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ru3-na8t-nuab

vulnerability	VCID-kfax-86fe-pkfw

vulnerability	VCID-x1da-f4dw-tua8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.0.7

url pkg:pypi/notebook@7.1.0a0

purl pkg:pypi/notebook@7.1.0a0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ru3-na8t-nuab

vulnerability	VCID-kfax-86fe-pkfw

vulnerability	VCID-x1da-f4dw-tua8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.1.0a0

aliases CVE-2024-22420, GHSA-4m77-cmpx-vjc4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yap-6qrw-ybd9

url VCID-6ru3-na8t-nuab

vulnerability_id VCID-6ru3-na8t-nuab

summary

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.

A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43805

reference_id

reference_type

scores

value	0.00428
scoring_system	epss
scoring_elements	0.62835
published_at	2026-06-07T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62844
published_at	2026-06-06T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62836
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43805

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/jupyterlab/jupyterlab

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab

reference_url

https://github.com/jupyterlab/jupyterlab/commit/06ad9de836f155add7d3d651ef936cc4c5ea8093

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab/commit/06ad9de836f155add7d3d651ef936cc4c5ea8093

reference_url

https://github.com/jupyterlab/jupyterlab/commit/88e24baac551196f9cb3de16bd060a7ab1597674

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab/commit/88e24baac551196f9cb3de16bd060a7ab1597674

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082871
reference_id	1082871
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082871

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-43805

reference_id

CVE-2024-43805

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-43805

reference_url

https://github.com/advisories/GHSA-9q39-rmj3-p4r2

reference_id

GHSA-9q39-rmj3-p4r2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9q39-rmj3-p4r2

reference_url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-9q39-rmj3-p4r2

reference_id

GHSA-9q39-rmj3-p4r2

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-28T19:58:47Z/

url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-9q39-rmj3-p4r2

fixed_packages

url pkg:pypi/notebook@7.2.2

purl pkg:pypi/notebook@7.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kfax-86fe-pkfw

vulnerability	VCID-x1da-f4dw-tua8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.2.2

aliases CVE-2024-43805, GHSA-9q39-rmj3-p4r2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ru3-na8t-nuab

url VCID-kfax-86fe-pkfw

vulnerability_id VCID-kfax-86fe-pkfw

summary In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with attacker-controlled notebook content to steal authentication tokens with a single click. An attacker can craft a malicious notebook file containing elements that appear indistinguishable from legitimate controls and trigger execution when a user interacts with them. Successful exploitation allows theft of the user's authentication token and complete takeover of the Jupyter session through the REST API, including reading files, creating or modifying files, accessing kernels to execute arbitrary code, and creating terminals for shell access. This issue has been fixed in Notebook 7.5.6, JupyterLab 4.5.7, @jupyter-notebook/help-extension 7.5.6, and @jupyterlab/help-extension 4.5.7. As a workaround, disable the affected help extensions or set allowCommandLinker to false in the sanitizer configuration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40171

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17171
published_at	2026-06-06T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17176
published_at	2026-06-05T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18599
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40171

reference_url

https://github.com/jupyter/notebook

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyter/notebook

reference_url

https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:24:07Z/

url

https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9

reference_url

https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40171

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40171

reference_url

https://github.com/advisories/GHSA-rch3-82jr-f9w9

reference_id

GHSA-rch3-82jr-f9w9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rch3-82jr-f9w9

fixed_packages

url	pkg:pypi/notebook@7.5.6
purl	pkg:pypi/notebook@7.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.5.6

url	pkg:pypi/notebook@7.6.0a0
purl	pkg:pypi/notebook@7.6.0a0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.6.0a0

aliases CVE-2026-40171, GHSA-rch3-82jr-f9w9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfax-86fe-pkfw

url VCID-s9yf-vew9-skcj

vulnerability_id VCID-s9yf-vew9-skcj

summary

Relative Path Traversal
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22421

reference_id

reference_type

scores

value	0.00138
scoring_system	epss
scoring_elements	0.33583
published_at	2026-06-07T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33618
published_at	2026-06-06T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33605
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22421

reference_url

https://github.com/jupyterlab/jupyterlab

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab

reference_url

https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-20T22:36:50Z/

url

https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6

reference_url

https://github.com/jupyterlab/jupyterlab/commit/1ef7a4fa0202ebdf663e1cc0b45c8813a34a0b96

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab/commit/1ef7a4fa0202ebdf663e1cc0b45c8813a34a0b96

reference_url

https://github.com/jupyterlab/jupyterlab/commit/fccd83dc4441da0384ee3fd1322c3b2d9ad4caaa

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab/commit/fccd83dc4441da0384ee3fd1322c3b2d9ad4caaa

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-22421

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-22421

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061221
reference_id	1061221
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061221

reference_url

https://github.com/advisories/GHSA-44cc-43rp-5947

reference_id

GHSA-44cc-43rp-5947

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-44cc-43rp-5947

reference_url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947

reference_id

GHSA-44cc-43rp-5947

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-20T22:36:50Z/

url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/

reference_id

UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-20T22:36:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/

fixed_packages

url pkg:pypi/notebook@7.0.7

purl pkg:pypi/notebook@7.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ru3-na8t-nuab

vulnerability	VCID-kfax-86fe-pkfw

vulnerability	VCID-x1da-f4dw-tua8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.0.7

url pkg:pypi/notebook@7.1.0a0

purl pkg:pypi/notebook@7.1.0a0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ru3-na8t-nuab

vulnerability	VCID-kfax-86fe-pkfw

vulnerability	VCID-x1da-f4dw-tua8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.1.0a0

aliases CVE-2024-22421, GHSA-44cc-43rp-5947

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9yf-vew9-skcj

url VCID-x1da-f4dw-tua8

vulnerability_id VCID-x1da-f4dw-tua8

summary jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user. This vulnerability is fixed in 4.5.7.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42557

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.19353
published_at	2026-06-06T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19357
published_at	2026-06-05T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23466
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42557

reference_url

https://github.com/jupyterlab/jupyterlab

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterlab/jupyterlab

reference_url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-14T17:57:35Z/

url

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg

reference_url

https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-files

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-files

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42557

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42557

reference_url

https://github.com/advisories/GHSA-mqcg-5x36-vfcg

reference_id

GHSA-mqcg-5x36-vfcg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mqcg-5x36-vfcg

fixed_packages

url	pkg:pypi/notebook@7.5.6
purl	pkg:pypi/notebook@7.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.5.6

aliases CVE-2026-42557, GHSA-mqcg-5x36-vfcg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1da-f4dw-tua8

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@7.0.3

Package Instance