Jupyter Notebook Vulnerabilities

pip AI Tools

AI Threat Alert tracks 18 known vulnerabilities in Jupyter Notebook, an AI/ML tool in the pip ecosystem; 3 are rated critical. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 32
Total CVEs: 18
Critical: 3
Ecosystem: pip
Last CVE: Jun 22, 2026
Patch Rate: 60%
Avg Time to Patch: 345d
13,223 stars, 5,678 forks, 1,901 issues, 2,954 dependents. Last push: Jun 19, 2026
OpenSSF Scorecard 5.8/10

Known Vulnerabilities (17 total, page 1 of 1)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| HIGH | CVE-2026-52798 | Gogs: Stored XSS via .ipynb Markdown re-render bypass | 8.9 | Jun 22, 2026 |
| HIGH | GHSA-6vxv-wg6j-5qwp | Gogs: XSS via outdated Jupyter renderer, account takeover | -- | Jun 19, 2026 |
| CRITICAL | CVE-2026-44727 | jupyter-server: stored XSS yields kernel RCE | 9.0 | Jun 18, 2026 |
| MEDIUM | CVE-2026-54386 | marimo: reflected XSS enables JS injection in notebooks | 6.1 | Jun 17, 2026 |
| HIGH | CVE-2026-54293 | NLTK: path traversal leaks arbitrary local files | 7.5 | Jun 16, 2026 |
| MEDIUM | CVE-2024-11831 | serialize-javascript: XSS via regex in AI/ML dashboards | 5.4 | Feb 10, 2025 |
| HIGH | CVE-2026-5422 | jupyter-server: path traversal exposes sibling dir files | 8.1 | Jun 2, 2026 |
| HIGH | CVE-2026-42557 | JupyterLab: one-click RCE via notebook HTML cell output | 8.8 | May 6, 2026 |
| HIGH | CVE-2026-42266 | JupyterLab: Extension allow-list bypass enables privesc | 8.8 | May 5, 2026 |
| MEDIUM | CVE-2025-61669 | jupyter-server: Open redirect enables credential phishing | -- | May 5, 2026 |
| HIGH | CVE-2026-35397 | Jupyter Server: path traversal leaks sibling directories | 7.1 | May 5, 2026 |
| HIGH | CVE-2026-40171 | Jupyter Notebook: stored XSS enables full account takeover | -- | Apr 30, 2026 |
| MEDIUM | CVE-2026-39377 | nbconvert: path traversal enables arbitrary file write | 6.5 | Apr 21, 2026 |
| MEDIUM | CVE-2026-39378 | nbconvert: path traversal exfiltrates files via HTML export | 6.5 | Apr 21, 2026 |
| CRITICAL | GHSA-2679-6mx9-h9xc | Marimo: pre-auth RCE via terminal WebSocket | -- | Apr 8, 2026 |
| HIGH | CVE-2018-8768 | Jupyter Notebook: XSS via malicious .ipynb file | 7.8 | Jul 12, 2018 |
| MEDIUM | CVE-2018-21030 | Jupyter Notebook: XSS via missing CSP on served files | 5.3 | Nov 8, 2019 |

Frequently asked questions

What is Jupyter Notebook?

Jupyter Notebook is an AI/ML tool tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does Jupyter Notebook have?

Jupyter Notebook has 18 known CVEs, 3 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Jupyter Notebook distributed in?

Jupyter Notebook is distributed via the pip ecosystem and categorized under AI Tools.

Where does the Jupyter Notebook vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Jupyter Notebook?

Review each CVE listed on this page: every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
