Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

jupyter-server — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting jupyter-server. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Jupyter-server enables interactive computing and data analysis through web-based notebooks, widely used in data science and research environments. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. Notable security characteristics include its reliance on token-based authentication and potential exposure of sensitive data through kernel access. While no major public incidents have been widely documented, the 12 recorded CVEs highlight ongoing security concerns, particularly around RCE risks in multi-user deployments and insufficient access controls in shared environments.

Top products by jupyter-server: jupyter_server jupyter-scheduler
CVE IDTitleCVSSSeverityPublished
CVE-2026-40934 jupyter-server authentication cookies remain valid after password reset due to static cookie secret — jupyter_serverCWE-613 7.5 -2026-05-05
CVE-2026-40110 jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat — jupyter_serverCWE-777 8.2 -2026-05-05
CVE-2026-35397 jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix — jupyter_serverCWE-22 8.8 -2026-05-05
CVE-2025-61669 jupyter_server next parameter open redirect can redirect users to external domains — jupyter_serverCWE-601 6.1 -2026-05-05
CVE-2024-35178 Jupyter server on Windows discloses Windows user password hash — jupyter_serverCWE-200 7.5 High2024-06-06
CVE-2024-28188 jupyter-scheduler's endpoint is missing authentication — jupyter-schedulerCWE-200 5.3 Medium2024-05-23
CVE-2023-49080 Jupyter Server errors include tracebacks with path information — jupyter_serverCWE-209 3.5 Low2023-12-04
CVE-2023-39968 Open Redirect Vulnerability in jupyter-server — jupyter_serverCWE-601 4.3 Medium2023-08-28
CVE-2023-40170 cross-site inclusion (XSSI) of files in jupyter-server — jupyter_serverCWE-284 4.6 Medium2023-08-28
CVE-2022-29241 Known or guessable hidden files may be accessed in Jupyter Server — jupyter_serverCWE-200 7.1 High2022-06-14
CVE-2022-24757 Sensitive Auth & Cookie data stored in Jupyter server logs — jupyter_serverCWE-532 7.5 High2022-03-23
CVE-2020-26275 Open redirect vulnerability — jupyter_serverCWE-601 6.1 Medium2020-12-21

This page lists every published CVE security advisory associated with jupyter-server. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.