Jupyter Mcp Server

🪐 🔧 Model Context Protocol (MCP) Server for Jupyter.

CommunityActiveNot testedUpdated 4/3/2026

Design Developer Tools Productivity

★ 976PyPI

Edit this page

MCPpedia
Score

No CVEsActive17 toolsstdioremoteBSD-3-Clause

How we score →

Should you use this server?

🪐 🔧 Model Context Protocol (MCP) Server for Jupyter.

✓

Is it safe?

No known CVEs for jupyterlab. 5 previously resolved.

No authentication — any process on your machine can connect to this server.

BSD-3-Clause. View license →

Last scanned 0 days ago.

✓

Is it maintained?

Last commit 1 days ago. 976 GitHub stars.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

How much context will it use?

17 tools. Estimated ~900 tokens of your context window (0.4% of 200K).

Tools (17)

list_files

List files and directories in the Jupyter server's file system.

list_kernels

List all available and running kernel sessions on the Jupyter server.

connect_to_jupyter

Connect to a Jupyter server dynamically without restarting the MCP server. Not available when running as Jupyter extension. Useful for switching servers dynamically or avoiding hardcoded configuration.

use_notebook

Connect to a notebook file, create a new one, or switch between notebooks.

list_notebooks

List all notebooks available on the Jupyter server and their status

restart_notebook

Restart the kernel for a specific managed notebook.

unuse_notebook

Disconnect from a specific notebook and release its resources.

read_notebook

Read notebook cells source content with brief or detailed format options.

read_cell

Read the full content (Metadata, Source and Outputs) of a single cell.

insert_cell

Insert a new code or markdown cell at a specified position.

Score Breakdown

MCPpedia Score

Click each category to see evidence

86A

Scored just now

How we score →

Security

30/30

Last scanned just now

No open vulnerabilities. 5 fixed CVEs.

✓

CVEs — 5 fixed CVEs — update to 4.4.8+check OSV.dev \u2192

○

Authentication — None required — easy to connect

✓

License — BSD-3-Clauseview license \u2192

✓

Repository — Activeview repo \u2192

✗

MCPpedia review — Not yet reviewed by MCPpedia

Advisories (0 open, 5 fixed)

mediumCVSS 4CVE-2025-59842Fixed

JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Embed this score in your READMEPreview badge

[![MCPpedia Score](https://mcppedia.org/api/badge/jupyter-mcp-server)](https://mcppedia.org/s/jupyter-mcp-server)

Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the `noopener` attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if: - links generated by those extensions included `target=_blank` (no such extensions are known at time of writing) and - they were to click on a link genera

lowCVSS 3.1CVE-2024-43805Fixed

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

### Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. ### Patches JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 were patched. ### Workarounds There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins

Fixed in 3.6.8Published Aug 29, 2024source \u2192

lowCVSS 3.1CVE-2024-22421Fixed

JupyterLab vulnerable to potential authentication and CSRF tokens leak

### Impact Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. ### Patches JupyterLab 4.1.0b2, 4.0.11, and 3.6.7 were patched. ### Workarounds No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix. ### References Vulnerability reported by user @davwwwx via the [bug

Fixed in 4.0.11Published Jan 19, 2024source \u2192

lowCVSS 3.1CVE-2024-22420Fixed

JupyterLab vulnerable to SXSS in Markdown Preview

### Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. ### Patches JupyterLab v4.0.11 was patched. ### Workarounds Users can either disable the table of contents extension by running: ```bash jupyter labextension disable @jupyterlab/toc-extension

Fixed in 4.0.11Published Jan 19, 2024source \u2192

infoCVE-2021-32797Fixed

PYSEC-2021-130

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.

Fixed in 504825938c0abfa2fb8ff8d529308830a5ae42edPublished Aug 9, 2021source \u2192

Jupyter Mcp Server

Should you use this server?

Quick Install

Test This Server

Tools (17)

Score Breakdown

MCPpedia Score

Security

Advisories (0 open, 5 fixed)

Reviews

Discussion