Jupyter Security Vulnerabilities (CVEs)
Track 19 security vulnerabilities affecting Jupyter products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows arbitrary code execution when converting Jupyter notebooks containing SVG output to PDF on Windows systems. Attackers can cr...
Dec 17, 2025
This vulnerability in JupyterLab and Jupyter Notebook allows reverse tabnabbing attacks when users click on LaTeX-generated links in Markdown content....
Sep 26, 2025
CVE-2023-25574 is a critical authentication bypass vulnerability in jupyterhub-ltiauthenticator's LTI13Authenticator that fails to validate JWT signat...
Feb 25, 2025
In JupyterHub versions before 4.1.6 and 5.1.0, users granted the admin:users scope can escalate their privileges to become full administrators with un...
Aug 8, 2024
This CVE describes a remote code execution vulnerability in JupyterLab extension template's GitHub Actions workflow. Attackers can execute arbitrary c...
Jul 16, 2024
Jupyter Server Proxy versions 3.x before 3.2.4 and 4.x before 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the /proxy endpoin...
Jun 11, 2024
CVE-2024-35178 allows unauthenticated attackers to leak NTLMv2 password hashes from Windows users running vulnerable Jupyter Server instances. This af...
Jun 6, 2024
CVE-2024-28233 is a cross-site scripting (XSS) vulnerability in JupyterHub that allows attackers to achieve full access to the JupyterHub API and user...
Mar 27, 2024
This vulnerability in OAuthenticator's GoogleOAuthenticator.hosted_domain feature allows unauthorized access to JupyterHub instances. Instead of restr...
Mar 20, 2024
Jupyter Server Proxy versions before 3.2.3 and 4.1.1 fail to properly authenticate websocket connections, allowing unauthenticated network access to p...
Mar 20, 2024
This CVE describes a redirect vulnerability in JupyterLab where clicking a malicious link can expose Authorization and XSRFToken tokens to third parti...
Jan 19, 2024
CVE-2024-22415 is a path traversal vulnerability in jupyter-lsp that allows attackers to access and modify files outside the Jupyter root directory wh...
Jan 18, 2024
This vulnerability in DockerSpawner allows JupyterHub users to launch any Docker image from public registries instead of being restricted to the confi...
Dec 8, 2023
This vulnerability in Jupyter Notebook allows unauthorized actors to access sensitive authentication cookies and header values from server logs when 5...
Mar 31, 2022
CVE-2022-24757 allows unauthorized actors to access sensitive authentication information from Jupyter Server logs when 5xx errors occur. This affects ...
Mar 23, 2022
CVE-2021-41134 is a stored cross-site scripting (XSS) vulnerability in nbdime, a tool for diffing and merging Jupyter Notebooks. Attackers can inject ...
Nov 3, 2021
CVE-2021-39159 is a critical remote code execution vulnerability in BinderHub that allows attackers to execute arbitrary code in the BinderHub context...
Aug 25, 2021
JupyterLab versions before 3.1.0 contain a cross-site scripting vulnerability where untrusted notebooks can execute arbitrary code when loaded. The vu...
Aug 9, 2021
CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files to execute arbitrary JavaScript code when opened. ...
Aug 9, 2021
Why Monitor Jupyter Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 19+ known vulnerabilities affecting Jupyter products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Jupyter packages in under 60 seconds. No agents required - completely agentless scanning that works across Jupyter deployments.
Free vulnerability database: Access detailed information about every Jupyter CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.