Jupyter Jupyter_server
6 CVEs affecting Jupyter Jupyter_server. Latest disclosed: 2026-06-02. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-35397 | High | 8.8 | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authentica… |
| CVE-2026-5422 | High | 8.1 | 2026-06-02 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within… |
| CVE-2026-40110 | High | 7.3 | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check inco… |
| CVE-2026-40934 | Medium | 6.8 | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a st… |
| CVE-2025-61669 | Medium | 6.1 | 2026-05-05 | Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficie… |
| CVE-2020-26232 | Medium | 4.1 | 2020-11-24 | Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a differen… |