Config is the same across clients β only the file and path differ.
{
"mcpServers": {
"jupyter": {
"env": {
"JUPYTER_URL": "http://localhost:8888",
"JUPYTER_TOKEN": "MY_TOKEN",
"ALLOW_IMG_OUTPUT": "true"
},
"args": [
"jupyter-mcp-server@latest"
],
"command": "uvx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
An MCP server developed for AI to connect and manage Jupyter Notebooks in real-time
This server supports HTTP transport. Be the first to test it β help the community know if it works.
Five weighted categories β click any category to see the underlying evidence.
JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol
A malicious PyPI package can place a `javascript:` URL in its `[project.urls]` metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origin. ### Details One of the PyPI package's URL (jupyterlab/extensions/pypi.py) is copied straight into the `homepage_url` rendered by the frontend in packages/extensionmanager/src/widget.tsx#L77-L8
PYSEC-2026-164
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
JupyterLab's HTML sanitizer allowlists `data-commandlinker-command` and `data-commandlinker-args` on `button` elements, while `CommandLinker` listens for all click events on `document.body` and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submit
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
### Impact A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to: 1. Read all files 2. Modify/create files 3. Access running kernels and execute arbitra
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the `noopener` attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if: - links generated by those extensions included `target=_blank` (no such extensions are known at time of writing) and - they were to click on a link genera
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience β it helps other developers decide.
Sign in to write a review.
Others in developer-tools / data
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
MCP Security Weekly
Get CVE alerts and security updates for Jupyter Mcp Server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.