GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Credited to fg0x0, krassowski, jtpio, and Yann-P
Credited to pmcao, Yann-P, and krassowski
Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart (severity: High)
CVE-2026-40934 was published for jupyter-server (pip) May 5, 2026
Credited to emin63 and Yann-P
Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr) (severity: High)
CVE-2026-40110 was published for jupyter-server (pip) May 5, 2026
Credited to vnykmshr and Yann-P
Credited to Yann-P, Carreau, stef41, and krassowski
Jupyter Server has an open redirection vulnerability in `next` query parameter (severity: Moderate)
CVE-2025-61669 was published for jupyter-server (pip) May 5, 2026
Credited to dlqqq, niwasak1, Yann-P, and Carreau
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS (severity: High)
CVE-2026-40171 was published for @jupyter-notebook/help-extension (npm) Apr 30, 2026
Credited to dtrops, Carreau, Yann-P, krassowski, and jtpio