CRITICAL9.8CVE-2024-39700Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action from 0, < 4.3.0
CRITICAL9.6CVE-2026-42557JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content from 0, < 4.5.7
HIGH8.8CVE-2026-42266JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request >= 4.0.0, < 4.5.7
HIGH7.6HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
from 0, < 4.2.5
HIGH7.6JupyterLab vulnerable to potential authentication and CSRF tokens leak
from 0, < 3.6.7, >= 4.0.0, < 4.0.11
HIGH7.4JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
from 0, < 1.2.21, >= 2.0.0, < 2.2.10, >= 2.3.0, < 2.3.2, >= 3.0.0, < 3.0.17, >= 3.1.0, < 3.1.4
MEDIUM6.5JupyterLab vulnerable to SXSS in Markdown Preview
>= 4.0.0, < 4.2.4
MEDIUM4.3JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
from 0, < 4.4.8
—Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
from 0, < 4.5.7