Browse all 7 CVE security advisories affecting jupyterlab. AI-powered Chinese analysis, POCs, and references for each vulnerability.
JupyterLab serves as an interactive development environment for data science and computational research, enabling code execution, visualization, and collaboration. Historically, it has been susceptible to remote code execution (RCE) through crafted notebook files, cross-site scripting (XSS) via malicious inputs, and privilege escalation in multi-user deployments. Security incidents often stem from improper input validation and insufficient sandboxing of executed code. With seven CVEs documented, common vulnerabilities include path traversal attacks and authentication bypasses. While JupyterLab remains widely adopted, users must implement strict access controls and input sanitization to mitigate risks, particularly in shared or internet-facing deployments where untrusted notebooks pose significant threats.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59842 | JupyterLab LaTeX typesetter links did not enforce `noopener` attribute — jupyterlabCWE-1022 | 6.5 | - | 2025-09-26 |
| CVE-2025-30370 | jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" — jupyterlab-gitCWE-78 | 7.4 | High | 2025-04-03 |
| CVE-2024-43805 | HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering — jupyterlabCWE-79 | 7.6 | High | 2024-08-28 |
| CVE-2024-39700 | Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action — extension-templateCWE-94 | 10.0 | Critical | 2024-07-16 |
| CVE-2024-22420 | Stored cross site scripting in Markdown Preview in JupyterLab — jupyterlabCWE-79 | 6.5 | Medium | 2024-01-19 |
| CVE-2024-22421 | Potential authentication and CSRF tokens leak in JupyterLab — jupyterlabCWE-200 | 7.6 | High | 2024-01-19 |
| CVE-2021-32797 | JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> — jupyterlabCWE-79 | 7.4 | High | 2021-08-09 |
This page lists every published CVE security advisory associated with jupyterlab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.