[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-19351":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":60,"related":61,"reserved_at":9,"published_at":63,"modified_at":64,"state":65,"summary":66,"references_raw":75,"kevs":128,"epss":129,"epss_history":132,"metrics":389,"affected":405},"CVE-2018-19351","Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47],"GHSA-49qr-xh3w-h436","PYSEC-2018-17",[],[50,52,54,56,58],{"_key":51},"UBUNTU-CVE-2018-19351",{"_key":53},"DLA-2432-1",{"_key":55},"MGASA-2022-0323",{"_key":57},"USN-5585-1",{"_key":59},"DEBIAN-CVE-2018-19351",[],[62],{"_key":55},"2018-11-18T17:00:00.000Z","2024-08-05T11:37:10.582Z","Modified",{"cisa_kev":67,"cisa_ransomware":67,"cisa_vendor":9,"epss_severity":68,"epss_score":69,"severity":70,"severity_score":71,"severity_version":72,"severity_source":73,"severity_vector":74,"severity_status":65},false,"low",0.00307,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[76,82,90,95,101,107,112,116,120,124],{"url":77,"sources":78,"tags":80},"https://groups.google.com/forum/#%21topic/jupyter/hWzu2BSsplY",[79,73],"cve.org",[81],"X Refsource MISC",{"url":83,"sources":84,"tags":86},"https://pypi.org/project/notebook/#history",[79,73,85],"osv_pypi",[81,87,88,89],"Third Party Advisory","WEB","PACKAGE",{"url":91,"sources":92,"tags":93},"https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst",[79,73,85],[81,94,88],"Release Notes",{"url":96,"sources":97,"tags":98},"https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491",[79,73,85],[81,99,87,88,100],"Patch","FIX",{"url":102,"sources":103,"tags":104},"https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html",[79,73,85],[105,106,88],"Mailing List","X Refsource MLIST",{"url":108,"sources":109,"tags":110},"https://nvd.nist.gov/vuln/detail/CVE-2018-19351",[85],[111],"Advisory",{"url":113,"sources":114,"tags":115},"https://github.com/jupyter/notebook",[85],[89],{"url":117,"sources":118,"tags":119},"https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2018-17.yaml",[85],[88],{"url":121,"sources":122,"tags":123},"https://groups.google.com/forum/#!topic/jupyter/hWzu2BSsplY",[85],[88],{"url":125,"sources":126,"tags":127},"https://github.com/advisories/GHSA-49qr-xh3w-h436",[85],[111],[],{"date":130,"score":69,"percentile":131},"2026-06-04",0.54165,[133,136,139,142,145,147,150,153,156,159,162,165,168,171,174,178,181,184,186,188,190,193,196,198,201,204,207,210,213,216,219,222,225,227,230,232,234,237,240,243,246,249,252,255,258,261,264,267,270,273,275,278,281,284,288,291,294,297,300,303,306,309,312,314,317,319,322,325,328,331,334,337,340,342,345,347,350,353,356,358,361,363,366,369,372,374,377,380,383,386],{"date":134,"score":69,"percentile":135},"2025-11-04",0.53405,{"date":137,"score":69,"percentile":138},"2025-11-05",0.53365,{"date":140,"score":69,"percentile":141},"2025-11-06",0.53381,{"date":143,"score":69,"percentile":144},"2025-11-07",0.53404,{"date":146,"score":69,"percentile":144},"2025-11-08",{"date":148,"score":69,"percentile":149},"2025-11-09",0.53401,{"date":151,"score":69,"percentile":152},"2025-11-10",0.53377,{"date":154,"score":69,"percentile":155},"2025-11-11",0.53392,{"date":157,"score":69,"percentile":158},"2025-11-12",0.53419,{"date":160,"score":69,"percentile":161},"2025-11-13",0.53426,{"date":163,"score":69,"percentile":164},"2025-11-14",0.53427,{"date":166,"score":69,"percentile":167},"2025-11-15",0.53423,{"date":169,"score":69,"percentile":170},"2025-11-16",0.53406,{"date":172,"score":69,"percentile":173},"2025-11-17",0.53389,{"date":175,"score":176,"percentile":177},"2025-11-18",0.00395,0.5762,{"date":179,"score":176,"percentile":180},"2025-11-19",0.57637,{"date":182,"score":176,"percentile":183},"2025-11-20",0.57629,{"date":185,"score":69,"percentile":135},"2025-11-21",{"date":187,"score":69,"percentile":135},"2025-11-22",{"date":189,"score":69,"percentile":138},"2025-11-23",{"date":191,"score":69,"percentile":192},"2025-11-24",0.53355,{"date":194,"score":69,"percentile":195},"2025-11-25",0.53363,{"date":197,"score":69,"percentile":138},"2025-11-26",{"date":199,"score":69,"percentile":200},"2025-11-27",0.53369,{"date":202,"score":69,"percentile":203},"2025-11-28",0.53342,{"date":205,"score":69,"percentile":206},"2025-11-29",0.53321,{"date":208,"score":69,"percentile":209},"2025-11-30",0.53316,{"date":211,"score":69,"percentile":212},"2025-12-01",0.53464,{"date":214,"score":69,"percentile":215},"2025-12-02",0.53484,{"date":217,"score":69,"percentile":218},"2025-12-03",0.5348,{"date":220,"score":69,"percentile":221},"2025-12-04",0.53329,{"date":223,"score":69,"percentile":224},"2025-12-05",0.53348,{"date":226,"score":69,"percentile":224},"2025-12-06",{"date":228,"score":69,"percentile":229},"2025-12-07",0.53337,{"date":231,"score":69,"percentile":229},"2025-12-08",{"date":233,"score":69,"percentile":192},"2025-12-09",{"date":235,"score":69,"percentile":236},"2025-12-10",0.53414,{"date":238,"score":69,"percentile":239},"2025-12-11",0.53435,{"date":241,"score":69,"percentile":242},"2025-12-12",0.53461,{"date":244,"score":69,"percentile":245},"2025-12-13",0.53457,{"date":247,"score":69,"percentile":248},"2025-12-14",0.53445,{"date":250,"score":69,"percentile":251},"2025-12-15",0.53434,{"date":253,"score":69,"percentile":254},"2025-12-16",0.53446,{"date":256,"score":69,"percentile":257},"2025-12-17",0.53466,{"date":259,"score":69,"percentile":260},"2025-12-18",0.53505,{"date":262,"score":69,"percentile":263},"2025-12-19",0.53508,{"date":265,"score":69,"percentile":266},"2025-12-20",0.53495,{"date":268,"score":69,"percentile":269},"2025-12-21",0.53475,{"date":271,"score":69,"percentile":272},"2025-12-22",0.53453,{"date":274,"score":69,"percentile":245},"2025-12-23",{"date":276,"score":69,"percentile":277},"2025-12-24",0.53467,{"date":279,"score":69,"percentile":280},"2025-12-25",0.53514,{"date":282,"score":69,"percentile":283},"2025-12-26",0.53507,{"date":285,"score":286,"percentile":287},"2025-12-27",0.00329,0.55473,{"date":289,"score":69,"percentile":290},"2025-12-28",0.53487,{"date":292,"score":69,"percentile":293},"2025-12-29",0.53469,{"date":295,"score":69,"percentile":296},"2025-12-30",0.53462,{"date":298,"score":69,"percentile":299},"2025-12-31",0.53478,{"date":301,"score":69,"percentile":302},"2026-01-01",0.53645,{"date":304,"score":69,"percentile":305},"2026-01-02",0.53622,{"date":307,"score":69,"percentile":308},"2026-01-03",0.53615,{"date":310,"score":69,"percentile":311},"2026-01-04",0.53449,{"date":313,"score":69,"percentile":239},"2026-01-05",{"date":315,"score":69,"percentile":316},"2026-01-06",0.53442,{"date":318,"score":69,"percentile":257},"2026-01-07",{"date":320,"score":69,"percentile":321},"2026-01-08",0.53486,{"date":323,"score":69,"percentile":324},"2026-01-09",0.53479,{"date":326,"score":69,"percentile":327},"2026-01-10",0.53477,{"date":329,"score":69,"percentile":330},"2026-01-11",0.53458,{"date":332,"score":69,"percentile":333},"2026-01-12",0.5341,{"date":335,"score":69,"percentile":336},"2026-01-13",0.53388,{"date":338,"score":69,"percentile":339},"2026-01-14",0.53431,{"date":341,"score":69,"percentile":239},"2026-01-15",{"date":343,"score":69,"percentile":344},"2026-01-16",0.53456,{"date":346,"score":69,"percentile":248},"2026-01-17",{"date":348,"score":69,"percentile":349},"2026-01-18",0.53433,{"date":351,"score":69,"percentile":352},"2026-01-19",0.53424,{"date":354,"score":69,"percentile":355},"2026-01-20",0.53425,{"date":357,"score":69,"percentile":339},"2026-01-21",{"date":359,"score":69,"percentile":360},"2026-01-22",0.53436,{"date":362,"score":69,"percentile":299},"2026-01-23",{"date":364,"score":69,"percentile":365},"2026-01-24",0.53481,{"date":367,"score":69,"percentile":368},"2026-01-25",0.53438,{"date":370,"score":69,"percentile":371},"2026-01-26",0.5342,{"date":373,"score":69,"percentile":339},"2026-01-27",{"date":375,"score":69,"percentile":376},"2026-01-28",0.53448,{"date":378,"score":69,"percentile":379},"2026-01-29",0.53444,{"date":381,"score":69,"percentile":382},"2026-01-30",0.53447,{"date":384,"score":69,"percentile":385},"2026-01-31",0.53455,{"date":387,"score":69,"percentile":388},"2026-02-01",0.53591,[390,400],{"source":73,"cvss_v2_0":391,"cvss_v3_0":396,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":392,"baseSeverity":9,"vectorString":393,"impactScore":394,"exploitabilityScore":395},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":71,"baseSeverity":397,"vectorString":74,"impactScore":398,"exploitabilityScore":399},"MEDIUM",4.5,7.2,{"source":85,"cvss_v2_0":9,"cvss_v3_0":401,"cvss_v3_1":9,"cvss_v4_0":402},{"baseScore":71,"baseSeverity":9,"vectorString":74,"impactScore":398,"exploitabilityScore":399},{"baseScore":403,"baseSeverity":9,"vectorString":404,"impactScore":9,"exploitabilityScore":9},5.1,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",[406,417],{"ecosystem":9,"name":407,"vendor":408,"product":407,"cpe_part":409,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":410},"notebook","jupyter","a",[411],{"version":412,"is_range":413,"range_type":414,"version_start":9,"version_start_type":9,"version_end":415,"version_end_type":416,"fixed_in":9},"lt5.7.1",true,"cpe","5.7.1","excluding",{"ecosystem":418,"name":407,"vendor":418,"product":407,"cpe_part":9,"purl_type":419,"purl_namespace":9,"purl_name":407,"source":9,"versions":420},"PyPI","pypi",[421,425],{"version":422,"is_range":413,"range_type":423,"version_start":9,"version_start_type":9,"version_end":424,"version_end_type":416,"fixed_in":9},"lt107a89fce5f413fb5728c1c5d2c7788e1fb17491","ecosystem","107a89fce5f413fb5728c1c5d2c7788e1fb17491",{"version":426,"is_range":413,"range_type":423,"version_start":9,"version_start_type":9,"version_end":415,"version_end_type":416,"fixed_in":9},"lt5_7_1"]