jupyter-server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-44727Criticaljupyter-server: Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP CVE-2026-5422Mediumjupyter-server: Jupyter Server vulnerable to Path Traversal via incorrect root directory boundary check in _get_os_path() CVE-2026-40934Highjupyter-server: Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server RestartCVE-2026-40110Highjupyter-server: Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)CVE-2026-35397Highjupyter-server: Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directoriesCVE-2025-61669Mediumjupyter-server: Jupyter Server has an open redirection vulnerability in `next` query parameterCVE-2023-49080Mediumjupyter-server: jupyter-server errors include tracebacks with path informationCVE-2023-39968Mediumjupyter-server: Open Redirect Vulnerability in jupyter-serverCVE-2023-40170Mediumjupyter-server: cross-site inclusion (XSSI) of files in jupyter-serverCVE-2022-29241Highjupyter-server: Jupyter server Token bruteforcingCVE-2022-24757Highjupyter-server: Insertion of Sensitive Information into Log File in Jupyter notebookCVE-2020-26275Mediumjupyter-server: Jupyter Server open redirect vulnerabilityCVE-2020-26232Mediumjupyter-server: Open redirect in Jupyter Server

Stop the waste.
Protect your environment with Kodem.