pkg:PyPI/jupyterlab

All known vulnerabilities

• HIGH8.8CVE-2026-42266JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
  >= 4.0.0, < 4.5.7
• HIGH8.8CVE-2026-42266JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
  >= 4.0.0, < 4.5.7
• HIGH7.6CVE-2024-43805HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
  from 0, < 3.6.8
• HIGH7.6CVE-2024-22421Potential authentication and CSRF tokens leak in JupyterLab
  >= 4.0.0, < 4.0.11
• HIGH7.4CVE-2021-32797JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
  from 0, < 504825938c0abfa2fb8ff8d529308830a5ae42ed | from 0, < 1.2.21, >= 2, < 2.2.10, >= 2.3, < 2.3.2, >= 3, < 3.0.17, >= 3.1, < 3.1.4
• HIGH7.4CVE-2021-32797JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
  from 0, < 1.2.21
• MEDIUM6.5CVE-2024-22420Stored cross site scripting in Markdown Preview in JupyterLab
  >= 4.0.0, < 4.0.11
• MEDIUM4.3CVE-2025-59842JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
  from 0, < 4.4.8
• —CVE-2026-42557jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content
  from 0, < 4.5.7
• —CVE-2026-40171Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
  from 0, < 4.5.7