Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
Nothing found by this check. ✓
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-24qx-w28j-9m6p Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)
GHSA-5789-5fc7-67v3 Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories
GHSA-5mrq-x3x5-8v8f Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart
GHSA-hrw6-wg82-cm62 Jupyter server on Windows discloses Windows user password hash
GHSA-xm59-rqc7-hhvf nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
GHSA-65pc-fj4g-8rjx Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
PYSEC-2023-272 The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests c
PYSEC-2024-165 The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows use
PYSEC-2026-67 Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redi
PYSEC-2026-68 Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_di
PYSEC-2026-69 Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runti
GHSA-h56g-gq9v-vc8r jupyter-server errors include tracebacks with path information
GHSA-qh7q-6qm3-653w Jupyter Server has an open redirection vulnerability in `next` query parameter
GHSA-4c99-qj7h-p3vg nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
GHSA-7jqv-fw35-gmx9 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 3.5/10
scorecard-CI-Tests CI-Tests scored 0: 0 out of 30 merged PRs checked by a CI test -- score normalized to 0
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected