nbconvert

PyPI3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting nbconvertpage 1 of 1

CVE-2021-32862HIGHCVSS 7.5EG 7.5✓ Fixed in 6.3.0a0
2022-08-18
vulnerable: 0.0.0 ... 6.2.0rc2 (42 versions)
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which m…
CVE-2026-39377MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.17.1
2026-04-21
vulnerable: 6.5.0 ... 7.9.2 (53 versions)
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing note…
CVE-2026-39378MEDIUMCVSS 6.5EG 6.5✓ Fixed in 7.17.1
2026-04-21
vulnerable: 6.5.0 ... 7.9.2 (53 versions)
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read…

Check whether nbconvert is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for nbconvert CVEs against the assets you own.

Start Free Scan →