[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-9644":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":58,"related":59,"reserved_at":9,"published_at":61,"modified_at":62,"state":63,"summary":64,"references_raw":73,"kevs":124,"epss":125,"epss_history":128,"metrics":392,"affected":408},"CVE-2019-9644","An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47],"GHSA-hhx8-cr55-qcxx","PYSEC-2019-159",[],[50,52,54,56],{"_key":51},"UBUNTU-CVE-2019-9644",{"_key":53},"MGASA-2022-0323",{"_key":55},"USN-5585-1",{"_key":57},"DEBIAN-CVE-2019-9644",[],[60],{"_key":53},"2019-03-12T06:00:00.000Z","2024-08-04T21:54:45.055Z","Modified",{"cisa_kev":65,"cisa_ransomware":65,"cisa_vendor":9,"epss_severity":66,"epss_score":67,"severity":68,"severity_score":69,"severity_version":70,"severity_source":71,"severity_vector":72,"severity_status":63},false,"low",0.00519,"medium",5.4,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",[74,84,90,94,99,104,108,112,116,120],{"url":75,"sources":76,"tags":79},"https://github.com/jupyter/notebook/compare/f3f00df...05aa4b2",[77,71,78],"cve.org","osv_pypi",[80,81,82,83],"X Refsource MISC","Patch","Third Party Advisory","WEB",{"url":85,"sources":86,"tags":87},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/",[77,71],[88,89],"Vendor Advisory","X Refsource FEDORA",{"url":91,"sources":92,"tags":93},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/",[77,71],[88,89],{"url":95,"sources":96,"tags":97},"https://nvd.nist.gov/vuln/detail/CVE-2019-9644",[78],[98],"Advisory",{"url":100,"sources":101,"tags":102},"https://github.com/jupyter/notebook",[78],[103],"PACKAGE",{"url":105,"sources":106,"tags":107},"https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2019-159.yaml",[78],[83],{"url":109,"sources":110,"tags":111},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D",[78],[83],{"url":113,"sources":114,"tags":115},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO",[78],[83],{"url":117,"sources":118,"tags":119},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/",[78],[83],{"url":121,"sources":122,"tags":123},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/",[78],[83],[],{"date":126,"score":67,"percentile":127},"2026-06-04",0.67145,[129,133,136,139,142,145,148,151,153,156,159,162,165,168,171,175,178,181,184,187,190,193,196,199,201,204,207,210,213,215,218,221,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,272,275,278,280,283,287,291,294,297,300,303,306,308,311,314,317,319,322,325,328,330,333,336,338,341,344,347,349,352,355,357,360,363,366,369,372,375,377,380,383,386,389],{"date":130,"score":131,"percentile":132},"2025-11-04",0.01206,0.78308,{"date":134,"score":131,"percentile":135},"2025-11-05",0.78307,{"date":137,"score":131,"percentile":138},"2025-11-06",0.78303,{"date":140,"score":131,"percentile":141},"2025-11-07",0.78317,{"date":143,"score":131,"percentile":144},"2025-11-08",0.78322,{"date":146,"score":131,"percentile":147},"2025-11-09",0.78318,{"date":149,"score":131,"percentile":150},"2025-11-10",0.78305,{"date":152,"score":131,"percentile":135},"2025-11-11",{"date":154,"score":131,"percentile":155},"2025-11-12",0.78323,{"date":157,"score":131,"percentile":158},"2025-11-13",0.78332,{"date":160,"score":131,"percentile":161},"2025-11-14",0.78339,{"date":163,"score":131,"percentile":164},"2025-11-15",0.78338,{"date":166,"score":131,"percentile":167},"2025-11-16",0.78341,{"date":169,"score":131,"percentile":170},"2025-11-17",0.78335,{"date":172,"score":173,"percentile":174},"2025-11-18",0.00821,0.72311,{"date":176,"score":173,"percentile":177},"2025-11-19",0.7232,{"date":179,"score":173,"percentile":180},"2025-11-20",0.72328,{"date":182,"score":131,"percentile":183},"2025-11-21",0.78363,{"date":185,"score":131,"percentile":186},"2025-11-22",0.78364,{"date":188,"score":131,"percentile":189},"2025-11-23",0.78352,{"date":191,"score":131,"percentile":192},"2025-11-24",0.78351,{"date":194,"score":131,"percentile":195},"2025-11-25",0.78355,{"date":197,"score":131,"percentile":198},"2025-11-26",0.78359,{"date":200,"score":131,"percentile":186},"2025-11-27",{"date":202,"score":131,"percentile":203},"2025-11-28",0.78356,{"date":205,"score":131,"percentile":206},"2025-11-29",0.78361,{"date":208,"score":131,"percentile":209},"2025-11-30",0.78358,{"date":211,"score":131,"percentile":212},"2025-12-01",0.78451,{"date":214,"score":131,"percentile":212},"2025-12-02",{"date":216,"score":131,"percentile":217},"2025-12-03",0.78447,{"date":219,"score":131,"percentile":220},"2025-12-04",0.78347,{"date":222,"score":223,"percentile":224},"2025-12-05",0.01037,0.76737,{"date":226,"score":223,"percentile":227},"2025-12-06",0.7674,{"date":229,"score":223,"percentile":230},"2025-12-07",0.76736,{"date":232,"score":223,"percentile":233},"2025-12-08",0.76742,{"date":235,"score":223,"percentile":236},"2025-12-09",0.76767,{"date":238,"score":223,"percentile":239},"2025-12-10",0.76795,{"date":241,"score":223,"percentile":242},"2025-12-11",0.7681,{"date":244,"score":223,"percentile":245},"2025-12-12",0.7683,{"date":247,"score":223,"percentile":248},"2025-12-13",0.76829,{"date":250,"score":223,"percentile":251},"2025-12-14",0.76827,{"date":253,"score":223,"percentile":254},"2025-12-15",0.76821,{"date":256,"score":223,"percentile":257},"2025-12-16",0.76833,{"date":259,"score":223,"percentile":260},"2025-12-17",0.76844,{"date":262,"score":223,"percentile":263},"2025-12-18",0.76858,{"date":265,"score":223,"percentile":266},"2025-12-19",0.76872,{"date":268,"score":223,"percentile":269},"2025-12-20",0.76865,{"date":271,"score":223,"percentile":263},"2025-12-21",{"date":273,"score":223,"percentile":274},"2025-12-22",0.76854,{"date":276,"score":223,"percentile":277},"2025-12-23",0.76853,{"date":279,"score":223,"percentile":269},"2025-12-24",{"date":281,"score":223,"percentile":282},"2025-12-25",0.76884,{"date":284,"score":285,"percentile":286},"2025-12-26",0.01017,0.76655,{"date":288,"score":289,"percentile":290},"2025-12-27",0.00953,0.75904,{"date":292,"score":285,"percentile":293},"2025-12-28",0.76638,{"date":295,"score":285,"percentile":296},"2025-12-29",0.76633,{"date":298,"score":285,"percentile":299},"2025-12-30",0.76642,{"date":301,"score":285,"percentile":302},"2025-12-31",0.76663,{"date":304,"score":285,"percentile":305},"2026-01-01",0.76792,{"date":307,"score":285,"percentile":239},"2026-01-02",{"date":309,"score":285,"percentile":310},"2026-01-03",0.76794,{"date":312,"score":285,"percentile":313},"2026-01-04",0.76671,{"date":315,"score":285,"percentile":316},"2026-01-05",0.76662,{"date":318,"score":285,"percentile":313},"2026-01-06",{"date":320,"score":285,"percentile":321},"2026-01-07",0.76681,{"date":323,"score":285,"percentile":324},"2026-01-08",0.7669,{"date":326,"score":285,"percentile":327},"2026-01-09",0.76697,{"date":329,"score":285,"percentile":327},"2026-01-10",{"date":331,"score":285,"percentile":332},"2026-01-11",0.76691,{"date":334,"score":285,"percentile":335},"2026-01-12",0.76675,{"date":337,"score":285,"percentile":335},"2026-01-13",{"date":339,"score":285,"percentile":340},"2026-01-14",0.767,{"date":342,"score":285,"percentile":343},"2026-01-15",0.76706,{"date":345,"score":285,"percentile":346},"2026-01-16",0.76716,{"date":348,"score":285,"percentile":346},"2026-01-17",{"date":350,"score":285,"percentile":351},"2026-01-18",0.76708,{"date":353,"score":285,"percentile":354},"2026-01-19",0.76704,{"date":356,"score":285,"percentile":354},"2026-01-20",{"date":358,"score":285,"percentile":359},"2026-01-21",0.76712,{"date":361,"score":285,"percentile":362},"2026-01-22",0.76717,{"date":364,"score":285,"percentile":365},"2026-01-23",0.76748,{"date":367,"score":285,"percentile":368},"2026-01-24",0.76758,{"date":370,"score":285,"percentile":371},"2026-01-25",0.76747,{"date":373,"score":285,"percentile":374},"2026-01-26",0.76746,{"date":376,"score":285,"percentile":371},"2026-01-27",{"date":378,"score":285,"percentile":379},"2026-01-28",0.76756,{"date":381,"score":285,"percentile":382},"2026-01-29",0.7675,{"date":384,"score":285,"percentile":385},"2026-01-30",0.76754,{"date":387,"score":285,"percentile":388},"2026-01-31",0.76751,{"date":390,"score":285,"percentile":391},"2026-02-01",0.76867,[393,403],{"source":71,"cvss_v2_0":394,"cvss_v3_0":399,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":395,"baseSeverity":9,"vectorString":396,"impactScore":397,"exploitabilityScore":398},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":69,"baseSeverity":400,"vectorString":72,"impactScore":401,"exploitabilityScore":402},"MEDIUM",4.2,7.2,{"source":78,"cvss_v2_0":9,"cvss_v3_0":404,"cvss_v3_1":9,"cvss_v4_0":405},{"baseScore":69,"baseSeverity":9,"vectorString":72,"impactScore":401,"exploitabilityScore":402},{"baseScore":406,"baseSeverity":9,"vectorString":407,"impactScore":9,"exploitabilityScore":9},5.1,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",[409,420,428],{"ecosystem":9,"name":410,"vendor":411,"product":410,"cpe_part":412,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":413},"notebook","jupyter","a",[414],{"version":415,"is_range":416,"range_type":417,"version_start":9,"version_start_type":9,"version_end":418,"version_end_type":419,"fixed_in":9},"lt5.7.6",true,"cpe","5.7.6","excluding",{"ecosystem":421,"name":422,"vendor":421,"product":422,"cpe_part":9,"purl_type":423,"purl_namespace":9,"purl_name":422,"source":9,"versions":424},"PyPI","jupyter-notebook","pypi",[425],{"version":426,"is_range":416,"range_type":427,"version_start":9,"version_start_type":9,"version_end":418,"version_end_type":419,"fixed_in":9},"lt5_7_6","ecosystem",{"ecosystem":421,"name":410,"vendor":421,"product":410,"cpe_part":9,"purl_type":423,"purl_namespace":9,"purl_name":410,"source":9,"versions":429},[430],{"version":426,"is_range":416,"range_type":427,"version_start":9,"version_start_type":9,"version_end":418,"version_end_type":419,"fixed_in":9}]