Browse 21+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34052 | LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service) | jupyterhub | ltiauthenticator | Medium | 5.9 | 2026-04-03 22:04:11 | Deep Dive |
| CVE-2026-33709 | JupyterHub has an Open Redirect Vulnerability | jupyterhub | jupyterhub | - | - | 2026-04-03 22:00:47 | Deep Dive |
| CVE-2026-33175 | OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims | jupyterhub | oauthenticator | High | 8.8 | 2026-04-03 21:56:27 | Deep Dive |
| CVE-2025-32428 | Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX socket as intended | jupyterhub | jupyter-remote-desktop-proxy | - | - | 2025-04-14 23:29:40 | Deep Dive |
| CVE-2023-25574 | JupyterHub's LTI13Authenticator: JWT signature not validated | jupyterhub | ltiauthenticator | Critical | 10.0 | 2025-02-25 14:42:33 | Deep Dive |
| CVE-2024-41942 | JupyterHub has a privilege escalation vulnerability with the `admin:users` scope | jupyterhub | jupyterhub | High | 7.2 | 2024-08-08 14:36:44 | Deep Dive |
| CVE-2024-37300 | Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 | jupyterhub | oauthenticator | High | 8.1 | 2024-06-12 15:20:20 | Deep Dive |
| CVE-2024-35225 | Jupyter Server Proxy has a reflected XSS issue in host parameter | jupyterhub | jupyter-server-proxy | Critical | 9.6 | 2024-06-11 21:45:58 | Deep Dive |
| CVE-2024-28233 | XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing | jupyterhub | jupyterhub | High | 8.1 | 2024-03-27 18:16:24 | Deep Dive |
| CVE-2024-29033 | GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace | jupyterhub | oauthenticator | High | 7.5 | 2024-03-20 20:36:14 | Deep Dive |
| CVE-2024-28179 | Jupyter Server Proxy's Websocket Proxying does not require authentication | jupyterhub | jupyter-server-proxy | Critical | 9.0 | 2024-03-20 19:54:38 | Deep Dive |
| CVE-2023-48311 | Any image allowed by default | jupyterhub | dockerspawner | High | 8.0 | 2023-12-08 20:08:32 | Deep Dive |
| CVE-2022-31027 | Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator | jupyterhub | oauthenticator | Medium | 4.2 | 2022-06-06 21:15:12 | Deep Dive |
| CVE-2022-21697 | SSRF vulnerability (requires authentication) | jupyterhub | jupyter-server-proxy | Medium | 6.3 | 2022-01-25 13:55:12 | Deep Dive |
| CVE-2021-41247 | incomplete logout in JupyterHub | jupyterhub | jupyterhub | Low | 3.5 | 2021-11-04 17:15:11 | Deep Dive |
| CVE-2021-41194 | Improper Access Control in jupyterhub-firstuseauthenticator | jupyterhub | firstuseauthenticator | Critical | 9.1 | 2021-10-28 19:40:12 | Deep Dive |
| CVE-2021-39159 | Remote code execution in Binderhub | jupyterhub | binderhub | Critical | 9.6 | 2021-08-25 18:20:09 | Deep Dive |
| CVE-2021-39160 | Code injection in nbgitpuller | jupyterhub | nbgitpuller | Critical | 9.6 | 2021-08-25 18:10:11 | Deep Dive |
| CVE-2020-26261 | user-readable api tokens in systemd units | jupyterhub | systemdspawner | High | 7.9 | 2020-12-09 16:30:14 | Deep Dive |
| CVE-2020-26250 | Base class whitelist configuration ignored in OAuthenticator | jupyterhub | oauthenticator | Medium | 6.3 | 2020-12-01 20:30:16 | Deep Dive |