pkg:PyPI/jupyterlab

All known vulnerabilities

• CRITICAL9.6CVE-2026-42557JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
  from 0, < 4.5.7
• HIGH8.8CVE-2026-42266JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
  >= 4.0.0, < 4.5.7
• HIGH8.8CVE-2026-42266JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
  >= 4.0.0, < 4.5.7
• HIGH7.6HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
  from 0, < 3.6.8
• HIGH7.6JupyterLab vulnerable to potential authentication and CSRF tokens leak
  >= 4.0.0, < 4.0.11
• HIGH7.4JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
  from 0, < 1.2.21
• HIGH7.4JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
  from 0, < 504825938c0abfa2fb8ff8d529308830a5ae42ed | from 0, < 1.2.21, >= 2, < 2.2.10, >= 2.3, < 2.3.2, >= 3, < 3.0.17, >= 3.1, < 3.1.4
• MEDIUM6.5JupyterLab vulnerable to SXSS in Markdown Preview
  >= 4.0.0, < 4.0.11
• MEDIUM4.3JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
  from 0, < 4.4.8
• —Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
  from 0, < 4.5.7