GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering (High severity)
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
Credited to jackfromeast, ishmeals, RRosio, and krassowski
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" (High severity)
CVE-2025-30370 was published for jupyterlab-git (pip) Apr 4, 2025
Credited to dlqqq, rpwagner, and krassowski
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (High severity)
CVE-2025-30167 was published for jupyter_core (pip) Jun 4, 2025
Credited to krassowski and zdi-disclosures
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows (High severity)
CVE-2025-53000 was published for nbconvert (pip) Dec 18, 2025
Credited to dlqqq, krassowski, and yohannslm
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS (High severity)
CVE-2026-40171 was published for @jupyter-notebook/help-extension (npm) Apr 30, 2026
Credited to dtrops, Carreau, Yann-P, krassowski, and jtpio
Credited to Yann-P, Carreau, stef41, and krassowski
Credited to pmcao, Yann-P, and krassowski
Credited to fg0x0, krassowski, jtpio, and Yann-P
jupyterlab-git extension: Stored XSS leading to RCE (High severity)
CVE-2026-54527 was published for @jupyterlab/git (npm) Jun 19, 2026
Credited to krassowski and jtpio