Vulnerabilities in jupyter-server
13 resultsCVE-2020-26275MEDIUMOpen redirect vulnerabilityEPSS 1.4%CVE-2022-24757HIGHSensitive Auth & Cookie data stored in Jupyter server logsEPSS 1.2%CVE-2023-49080LOWJupyter Server errors include tracebacks with path informationEPSS 0.8%CVE-2022-29241HIGHKnown or guessable hidden files may be accessed in Jupyter ServerEPSS 0.8%CVE-2024-35178HIGHJupyter server on Windows discloses Windows user password hashEPSS 0.7%CVE-2023-39968MEDIUMOpen Redirect Vulnerability in jupyter-serverEPSS 0.6%CVE-2023-40170MEDIUMcross-site inclusion (XSSI) of files in jupyter-serverEPSS 0.5%CVE-2026-35397HIGHjupyter-server path traversal allows access to sibling directories sharing root_dir name prefixEPSS 0.5%CVE-2026-40110HIGHjupyter-server CORS origin validation bypass via unanchored regex in allow_origin_patEPSS 0.4%CVE-2024-28188MEDIUMjupyter-scheduler's endpoint is missing authenticationEPSS 0.3%CVE-2026-40934HIGHjupyter-server authentication cookies remain valid after password reset due to static cookie secretEPSS 0.3%CVE-2025-61669MEDIUMjupyter_server next parameter open redirect can redirect users to external domainsEPSS 0.3%CVE-2026-44727CRITICALJupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSPEPSS 0.2%