CRITICAL 9.6 | CVE-2026-42557 | JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content | from 0
HIGH 8.8 | CVE-2026-42266 | JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request | from 0
HIGH 8.8 | CVE-2026-26318 | Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation | from 0
HIGH 8.4 | Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path | from 0
HIGH 8.1 | systeminformation has a Command Injection vulnerability in fsSize() function on Windows | from 0
HIGH 7.8 | Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name | from 0
HIGH 7.8 | Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID) | from 0
HIGH 7.6 | HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering | from 0, < 4.0.11+ds1+~cs11.25.27-3
HIGH 7.6 | JupyterLab vulnerable to potential authentication and CSRF tokens leak | from 0, < 4.0.11+ds1-1
MEDIUM 6.5 | JupyterLab vulnerable to SXSS in Markdown Preview | from 0, < 4.0.11+ds1-1
MEDIUM 4.3 | JupyterLab LaTeX typesetter links did not enforce `noopener` attribute | from 0
— | Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS | from 0