CVE-2026-39378
- EPSS 0.04%
- Veröffentlicht 21.04.2026 00:17:00
- Zuletzt bearbeitet 23.04.2026 17:50:56
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path t...
CVE-2026-39377
- EPSS 0.04%
- Veröffentlicht 21.04.2026 00:14:59
- Zuletzt bearbeitet 23.04.2026 17:51:26
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks conta...
CVE-2025-53000
- EPSS 0.01%
- Veröffentlicht 17.12.2025 20:27:59
- Zuletzt bearbeitet 18.02.2026 19:21:40
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a...
CVE-2021-32862
- EPSS 0.79%
- Veröffentlicht 18.08.2022 19:15:14
- Zuletzt bearbeitet 21.11.2024 06:07:54
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to ...