Vulnerability in Jupyter Nbconvert

CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG…

EPSS: 0.000 (2.8th percentile) — read the EPSS interpretation.

Affected products

Jupyter Nbconvert — versions < 7.17.0

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

https://github.com/jupyter/nbconvert/security/advisories/GHSA-xm59-rqc7-hhvf (x_refsource_CONFIRM)
https://github.com/jupyter/nbconvert/issues/2258 (x_refsource_MISC)
https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71 (x_refsource_MISC)
https://github.com/jupyter/nbconvert/blob/4f61702f5c7524d8a3c4ac0d5fc33a6ac2fa36a7/nbconvert/preprocessors/svg2pdf.py#L104 (x_refsource_MISC)
https://github.com/jupyter/nbconvert/releases/tag/v7.17.0 (x_refsource_MISC)
https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports (x_refsource_MISC)