XSS in Jupyterlab Jupyterlab-git

CVE-2026-54527

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader() method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filenam…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References