Browse 28+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39378 | nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding | jupyter | nbconvert | Medium | 6.5 | 2026-04-21 00:17:01 | Deep Dive |
| CVE-2026-39377 | nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames | jupyter | nbconvert | Medium | 6.5 | 2026-04-21 00:15:00 | Deep Dive |
| CVE-2025-53000 | nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows | jupyter | nbconvert | - | - | 2025-12-17 20:28:00 | Deep Dive |
| CVE-2025-30167 | Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | jupyter | jupyter_core | High | 7.3 | 2025-06-03 16:42:16 | Deep Dive |
| CVE-2025-32428 | Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX socket as intended | jupyterhub | jupyter-remote-desktop-proxy | - | - | 2025-04-14 23:29:40 | Deep Dive |
| CVE-2025-23205 | `frame-ancestors: self` grants all users access to formgrader in nbgrader | jupyter | nbgrader | Medium | - | 2025-01-17 20:23:22 | Deep Dive |
| CVE-2024-35225 | Jupyter Server Proxy has a reflected XSS issue in host parameter | jupyterhub | jupyter-server-proxy | Critical | 9.6 | 2024-06-11 21:45:58 | Deep Dive |
| CVE-2024-35178 | Jupyter server on Windows discloses Windows user password hash | jupyter-server | jupyter_server | High | 7.5 | 2024-06-06 15:37:10 | Deep Dive |
| CVE-2024-28188 | jupyter-scheduler's endpoint is missing authentication | jupyter-server | jupyter-scheduler | Medium | 5.3 | 2024-05-23 11:54:54 | Deep Dive |
| CVE-2024-28179 | Jupyter Server Proxy's Websocket Proxying does not require authentication | jupyterhub | jupyter-server-proxy | Critical | 9.0 | 2024-03-20 19:54:38 | Deep Dive |
| CVE-2024-22415 | Unsecured endpoints in the jupyter-lsp server extension | jupyter-lsp | jupyterlab-lsp | High | 7.3 | 2024-01-18 20:27:39 | Deep Dive |
| CVE-2023-49080 | Jupyter Server errors include tracebacks with path information | jupyter-server | jupyter_server | Low | 3.5 | 2023-12-04 21:00:59 | Deep Dive |
| CVE-2023-36018 | Visual Studio Code Jupyter Extension Spoofing Vulnerability | Microsoft | Jupyter Extension for Visual Studio Code | High | 7.8 | 2023-11-14 17:57:41 | Deep Dive |
| CVE-2023-39968 | Open Redirect Vulnerability in jupyter-server | jupyter-server | jupyter_server | Medium | 4.3 | 2023-08-28 20:16:21 | Deep Dive |
| CVE-2023-40170 | cross-site inclusion (XSSI) of files in jupyter-server | jupyter-server | jupyter_server | Medium | 4.6 | 2023-08-28 20:01:57 | Deep Dive |
| CVE-2022-39286 | Execution with Unnecessary Privileges in JupyterApp | jupyter | jupyter_core | High | 8.8 | 2022-10-26 00:00:00 | Deep Dive |
| CVE-2022-41083 | Visual Studio Code Elevation of Privilege Vulnerability | Microsoft | Jupyter Extension for Visual Studio Code | High | 7.8 | 2022-10-11 00:00:00 | Deep Dive |
| CVE-2021-32862 | nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths | jupyter | nbconvert | High | 7.5 | 2022-08-18 00:00:00 | Deep Dive |
| CVE-2022-29241 | Known or guessable hidden files may be accessed in Jupyter Server | jupyter-server | jupyter_server | High | 7.1 | 2022-06-14 20:40:15 | Deep Dive |
| CVE-2022-29238 | Forced Browsing in Jupyter Notebook | jupyter | notebook | Medium | 4.3 | 2022-06-14 17:55:10 | Deep Dive |