jupyterhub — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting jupyterhub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Package | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34052 | LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service) | ltiauthenticator | CWE-401 | 5.9 | Medium | 2026-04-03 |
| CVE-2026-33709 | JupyterHub has an Open Redirect Vulnerability | jupyterhub | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-04-03 |
| CVE-2026-33175 | OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims | oauthenticator | CWE-287 | 8.8 | High | 2026-04-03 |
| CVE-2025-32428 | Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX socket as intended | jupyter-remote-desktop-proxy | CWE-668 | 8.8 (AI) | High (AI) | 2025-04-14 |
| CVE-2023-25574 | JupyterHub's LTI13Authenticator: JWT signature not validated | ltiauthenticator | CWE-347 | 10.0 | Critical | 2025-02-25 |
| CVE-2024-41942 | JupyterHub has a privilege escalation vulnerability with the `admin:users` scope | jupyterhub | CWE-274 | 7.2 | High | 2024-08-08 |
| CVE-2024-37300 | Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 | oauthenticator | CWE-863 | 8.1 | High | 2024-06-12 |
| CVE-2024-35225 | Jupyter Server Proxy has a reflected XSS issue in host parameter | jupyter-server-proxy | CWE-79 | 9.7 | Critical | 2024-06-11 |
| CVE-2024-28233 | XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing | jupyterhub | CWE-79 | 8.1 | High | 2024-03-27 |
| CVE-2024-29033 | GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace | oauthenticator | CWE-285 | 7.5 | High | 2024-03-20 |
| CVE-2024-28179 | Jupyter Server Proxy's Websocket Proxying does not require authentication | jupyter-server-proxy | CWE-306 | 9.1 | Critical | 2024-03-20 |
| CVE-2023-48311 | Any image allowed by default | dockerspawner | CWE-20 | 8.0 | High | 2023-12-08 |
| CVE-2022-31027 | Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator | oauthenticator | CWE-639 | 4.2 | Medium | 2022-06-06 |
| CVE-2022-21697 | SSRF vulnerability (requires authentication) | jupyter-server-proxy | CWE-918 | 6.3 | Medium | 2022-01-25 |
| CVE-2021-41247 | incomplete logout in JupyterHub | jupyterhub | CWE-613 | 3.5 | Low | 2021-11-04 |
| CVE-2021-41194 | Improper Access Control in jupyterhub-firstuseauthenticator | firstuseauthenticator | CWE-284 | 9.1 | Critical | 2021-10-28 |
| CVE-2021-39159 | Remote code execution in Binderhub | binderhub | CWE-94 | 9.6 | Critical | 2021-08-25 |
| CVE-2021-39160 | Code injection in nbgitpuller | nbgitpuller | CWE-94 | 9.6 | Critical | 2021-08-25 |
| CVE-2020-26261 | user-readable api tokens in systemd units | systemdspawner | CWE-668 | 7.9 | High | 2020-12-09 |
| CVE-2020-26250 | Base class whitelist configuration ignored in OAuthenticator | oauthenticator | CWE-863 | 6.3 | Medium | 2020-12-01 |
| CVE-2020-15110 | Possible pod name collisions in jupyterhub-kubespawner | kubespawner | CWE-863 | 6.8 | Medium | 2020-07-17 |

This page lists every published CVE security advisory associated with jupyterhub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.