BSD-3-Clause
All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2021-32797 | Jupyterlab versions 3.1.4, 3.0.17, 2.3.2, 2.2.10 and 1.2.21 include a fix for CVE-2021-32797: In affected versions, an untrusted notebook can execute code on load. In particular, jupyterlab doesn’t sa… | Critical | – | – | >=3.1.0a0,<3.1.4 >=3.0.0a0,<3.0.17 >=2.3.0a0,<2.3.2 >=2.2.0a0,<2.2.10 <1.2.21 |
| CVE-2026-42557 | Affected versions of the jupyterlab package are vulnerable to Improper Neutralisation of Input During Web Page Generation due to the HTML sanitiser allowlisting the data-commandlinker-command and data… | High | – | – | <=4.5.6 |
| CVE-2026-42266 | Affected versions of the jupyterlab package are vulnerable to Improper Access Control because the PyPI Extension Manager fails to enforce the configured extension allow list. The allowed_extensions_ur… | High | – | – | >=4.0.0,<=4.5.6 |
| CVE-2026-40171 | @jupyter-notebook – Cross-site Scripting (XSS) | High | – | – | <= 4.5.6 |
| CVE-2021-21306 | Jupyterlab 3.0.8 updates its dependency 'marked' to v2.0.0 to address a vulnerability. See also <https://github.com/jupyterlab/jupyterlab/pull/9809>. | High | – | – | <3.0.8 |
| SFTY-20260619-94530 | jupyterlab – Improper Neutralization of Encoded URI Schemes in a Web Page | Medium | – | – | <= 4.5.8 |
| CVE-2024-43805 | JupyterLab is vulnerable to HTML injection, leading to DOM Clobbering, which allows attackers to access sensitive data and perform arbitrary actions as the compromised user. This vulnerability occurs … | Medium | – | – | <=3.6.7 >=4.0.0a0,<=4.2.4 |
| CVE-2024-22421 | CVE-2024-22421 is a vulnerability in Jupyter Notebook where clicking a malicious link could expose Authorization and XSRFToken tokens to third parties in older jupyter-server versions. Patched version… | Medium | – | – | >=4.0.0,<=4.0.10 <=3.6.6 |
| CVE-2024-22420 | CVE-2024-22420 describes a vulnerability in JupyterLab, where user interaction with a malicious notebook or Markdown file enables an attacker to access and act with the same permissions as the user. T… | Medium | – | – | >=4.0.0,<=4.0.10 |
| CVE-2025-59842 | Affected versions of the jupyterlab package are vulnerable to Reverse Tabnabbing due to LaTeX typesetter–generated links not enforcing the noopener attribute. Links produced by LaTeX typesetters in Ma… | Low | – | – | <4.4.8 |
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.

