GCVE - cpe:2.3:a:jupyter:jupyter_core:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:jupyter:jupyter_core:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Jupyter (`3170fc95-7dab-5fb9-942d-251eb444755d`)
Product	Jupyter Core (`0f1287c6-b08d-597f-ac40-d1135d29b814`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/jupyter-core`	purl2cpe	2026-06-01 10:17:17.367941
`pkg:deb/ubuntu/jupyter-core`	purl2cpe	2026-06-01 10:17:17.367945
`pkg:github/jupyter/jupyter_core`	purl2cpe	2026-06-01 10:17:17.367948
`pkg:pypi/jupyter-core`	purl2cpe	2026-06-01 10:17:17.367951
`pkg:rpm/fedora/python-jupyter-core`	purl2cpe	2026-06-01 10:17:17.367955
`pkg:rpm/opensuse/python-jupyter-core`	purl2cpe	2026-06-01 10:17:17.367958

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-30167`	vulnerable	2026-06-03 15:00:27.430819	Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability HIGH (7.3) Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user). Published: 2025-06-03T16:42:16.357Z Updated: 2026-01-23T16:31:03.690Z Open on db.gcve.eu Reference links https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq https://github.com/jupyter/jupyter_core/commit/5e8965600adda6b416692ce7e85ecb2bd814bd52	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39286`	vulnerable	2026-06-03 14:47:51.397148	Execution with Unnecessary Privileges in JupyterApp HIGH (8.8) Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. Published: 2022-10-26T00:00:00.000Z Updated: 2025-04-23T16:43:15.864Z Open on db.gcve.eu Reference links https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283 https://lists.debian.org/debian-lts-announce/2022/11/msg00022.html https://security.gentoo.org/glsa/202301-04 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YIDN7JMLK6AOMBQI4QPSW4MBQGWQ5NIN/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.