jupyter-server — CVE history (PyPI)
jupyter-server
13 CVEs affect the jupyter-server PyPI package (highest CVSS 8.8). Latest disclosed: 2026-06-02. Full CVE history sourced from NVD.
Summary
- Package
jupyter-server(PyPI)- Total CVEs
13- Actively exploited (CISA KEV)
- 0
- Highest CVSS
8.8- Latest disclosed
- 2026-06-02
Recent CVEs (top 13)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-5422 | High | 8.1 | — | 2026-06-02 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. |
CVE-2026-40934 | Medium | 6.8 | — | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. |
CVE-2026-40110 | High | 7.3 | — | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. |
CVE-2026-35397 | High | 8.8 | — | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. |
CVE-2025-61669 | Medium | 6.1 | — | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. |
CVE-2024-35178 | High | 7.5 | — | 2024-06-06 | The Jupyter Server provides the backend for Jupyter web applications. |
CVE-2023-49080 | Low | 3.5 | — | 2023-12-04 | The Jupyter Server provides the backend (i.e. |
CVE-2023-39968 | Medium | 4.3 | — | 2023-08-28 | jupyter-server is the backend for Jupyter web applications. |
CVE-2023-40170 | Medium | 4.6 | — | 2023-08-28 | jupyter-server is the backend for Jupyter web applications. |
CVE-2022-29241 | High | 7.1 | — | 2022-06-14 | Jupyter Server provides the backend (i.e. |
CVE-2022-24757 | High | 7.5 | — | 2022-03-23 | The Jupyter Server provides the backend (i.e. |
CVE-2020-26275 | Medium | 6.1 | — | 2020-12-21 | The Jupyter Server provides the backend (i.e. |
CVE-2020-26232 | Medium | 4.1 | — | 2020-11-24 | Jupyter Server before version 1.0.6 has an Open redirect vulnerability. |
All-time worst (top 10 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-35397 | High | 8.8 | — | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. |
CVE-2026-5422 | High | 8.1 | — | 2026-06-02 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. |
CVE-2024-35178 | High | 7.5 | — | 2024-06-06 | The Jupyter Server provides the backend for Jupyter web applications. |
CVE-2022-24757 | High | 7.5 | — | 2022-03-23 | The Jupyter Server provides the backend (i.e. |
CVE-2026-40110 | High | 7.3 | — | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. |
CVE-2022-29241 | High | 7.1 | — | 2022-06-14 | Jupyter Server provides the backend (i.e. |
CVE-2026-40934 | Medium | 6.8 | — | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. |
CVE-2025-61669 | Medium | 6.1 | — | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. |
CVE-2020-26275 | Medium | 6.1 | — | 2020-12-21 | The Jupyter Server provides the backend (i.e. |
CVE-2023-40170 | Medium | 4.6 | — | 2023-08-28 | jupyter-server is the backend for Jupyter web applications. |