Is Mcp Server Jupyter safe to use?

Mcp Server Jupyter has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp Server Jupyter?

Mcp Server Jupyter supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Mcp Server Jupyter do?

Mcp Server Jupyter provides 6 tools: read_notebook_with_outputs, read_notebook_source_only, read_output_of_cell, add_cell, edit_cell and 1 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mcp Server Jupyter?

Mcp Server Jupyter is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is Mcp Server Jupyter actively maintained?

Mcp Server Jupyter is not actively maintained — last commit was 471 days ago. It has 31 GitHub stars.

Mcp Server Jupyter

Name: Mcp Server Jupyter
Author: ihrpr

jupyterlab · by ihrpr

MCP server for Jupyter Notebooks and JupyterLab

31 6 tools GitHub PyPI

No known CVEs

MIT license

Stale

Last commit 471d ago

Works with most clients

Transport: stdio, http

6 tools · ~579 tok

Grade B · 0.3% of 200K ctx

Edit this pageView history

Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-server-jupyter": {
      "args": [
        "jupyterlab"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-server-jupyter)](https://mcppedia.org/s/mcp-server-jupyter)

Read me

What Mcp Server Jupyter does

An MCP server for managing and interacting with Jupyter notebooks programmatically.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'jupyterlab' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

72/100across 5 weighted dimensions

How we score →

0255075100

−28

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-42557medium · fixedCVSS 4

JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

JupyterLab's HTML sanitizer allowlists `data-commandlinker-command` and `data-commandlinker-args` on `button` elements, while `CommandLinker` listens for all click events on `document.body` and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submit

Affected: >= 0Fixed in 4.5.7source →

CVE-2026-42266low · fixedCVSS 3.1

JupyterHub has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

The allow-list of extensions that can be installed from PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.X. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments that: - have allow-listed specific extensions with aim to prevent users from installing packages - have the kernel and terminals disabled or delegated to remote hosts (thus no access to install pack

Affected: >= 4.0.0Fixed in 4.5.7source →

CVE-2026-40171medium · fixedCVSS 4

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

### Impact A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to: 1. Read all files 2. Modify/create files 3. Access running kernels and execute arbitra

Affected: >= 7.0.0Fixed in 7.5.6source →

CVE-2025-59842medium · fixedCVSS 4

JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the `noopener` attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if: - links generated by those extensions included `target=_blank` (no such extensions are known at time of writing) and - they were to click on a link genera

Affected: >= 0Fixed in 4.4.8source →

CVE-2024-43805low · fixedCVSS 3.1

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

### Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. ### Patches JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 were patched. ### Workarounds There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins

Affected: >= 0Fixed in 3.6.8source →

Inventory

Tools (6)

Click any tool to inspect its schema.

~579 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Server Jupyter safe to use?: Mcp Server Jupyter has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Server Jupyter?: Mcp Server Jupyter supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Server Jupyter do?: Mcp Server Jupyter provides 6 tools: read_notebook_with_outputs, read_notebook_source_only, read_output_of_cell, add_cell, edit_cell and 1 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Server Jupyter?: Mcp Server Jupyter is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Server Jupyter actively maintained?: Mcp Server Jupyter is not actively maintained — last commit was 471 days ago. It has 31 GitHub stars.

Similar servers

Others in developer-tools

View all →

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.6k 1

Supabase MCP Server97

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.6k 2

Mcp Gitlab96

MCP server for using the GitLab API

1.5k 12

MCP Security Weekly

Get CVE alerts and security updates for Mcp Server Jupyter and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-server-jupyter": {
      "args": [
        "jupyterlab"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-server-jupyter)](https://mcppedia.org/s/mcp-server-jupyter)

Read me

What Mcp Server Jupyter does

An MCP server for managing and interacting with Jupyter notebooks programmatically.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'jupyterlab' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

mcp-server-jupyter

An MCP server for managing and interacting with Jupyter notebooks programmatically.

Components

Tools

The server provides six tools for notebook manipulation:

read_notebook_with_outputs: Read a notebook's content including cell outputs
- Required: notebook_path (string)
read_notebook_source_only: Read notebook content without outputs
- Required: notebook_path (string)
- Use when size limitations prevent reading full notebook with outputs
read_output_of_cell: Read output of a specific cell
- Required:
  - notebook_path (string)
  - cell_id (string)
add_cell: Add new cell to notebook
- Required:
  - notebook_path (string)
  - source (string)
- Optional:
  - cell_type (string): "code" or "markdown"
  - position (integer): insertion index (-1 to append)
edit_cell: Modify existing cell content
- Required:
  - notebook_path (string)
  - cell_id (string): Unique ID of the cell to edit
  - source (string)
execute_cell: Execute a specific cell and return its output
- Required:
  - notebook_path (string)
  - cell_id (string)
- Useful for verifying cell execution and output

Usage with Claude Desktop

Step1: Start JupyterLab or Jupyter Notebook

By using uv to run Jupyter notebooks it's much easier to manage venv and package installations.

Follow uv jupyter docummentation for more details.

uv venv --seed
source .venv/bin/activate
uv pip install jupyterlab
.venv/bin/jupyter lab

NOTE: this environment should be used as UV_PROJECT_ENVIRONMENT env variable in MCP server (next step). Run in the same folder where Jupyter started.

echo $(pwd)/.venv

Step2: Configure Claude Desctop Add this configuration to your Claude Desktop config file:

PyPi package:

// ~/Library/Application Support/Claude/claude_desktop_config.json
{
  "mcpServers": {
    "Jupyter-notebook-manager": {
      "command": "uv",
      "args": ["run", "--with", "mcp-server-jupyter", "mcp-server-jupyter"],
      "env": {
        "UV_PROJECT_ENVIRONMENT": "/path/to/venv_for_jupyter/.venv"
      }
    }
  }
}

Git repo fork

// ~/Library/Application Support/Claude/claude_desktop_config.json
{
  "mcpServers": {
    "Jupyter-notebook-manager": {
      "command": "uv",
      "args": [
        "run",
        "--directory",
        "/Users/inna/mcp-server-jupyter/src/mcp_server_jupyter",
        "mcp-server-jupyter"
      ],
      "env": {
        "UV_PROJECT_ENVIRONMENT": "/path/to/venv_for_jupyter/.venv"
      }
    }
  }
}

Step 3: Open Notebook & Claude Chat

Open or create a notebook in JupyterLab/Jupyter Notebook

Get the full path to your notebook:

In JupyterLab: Right-click on the notebook in the file browser → "Copy Path"
In Jupyter Notebook: Copy the path from the URL (modify to full system path)

In Claude Desktop chat:

Always use the full path to the notebook when calling tools
Example: /Users/username/projects/my_notebook.ipynb

Important Notes:

After any modifications through Claude (add_cell, edit_cell):
- Reload the notebook page in JupyterLab/Jupyter Notebook
- Current version does not support automatic reload
Keep JupyterLab/Jupyter Notebook instance running while working with Claude

License

This project is licensed under the MIT License. See the LICENSE file for details.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

72/100across 5 weighted dimensions

How we score →

0255075100

−28

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-42557medium · fixedCVSS 4

JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

Affected: >= 0Fixed in 4.5.7source →

CVE-2026-42266low · fixedCVSS 3.1

JupyterHub has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

Affected: >= 4.0.0Fixed in 4.5.7source →

CVE-2026-40171medium · fixedCVSS 4

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Affected: >= 7.0.0Fixed in 7.5.6source →

CVE-2025-59842medium · fixedCVSS 4

JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

Affected: >= 0Fixed in 4.4.8source →

CVE-2024-43805low · fixedCVSS 3.1

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

Affected: >= 0Fixed in 3.6.8source →

Inventory

Tools (6)

Click any tool to inspect its schema.

~579 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Server Jupyter safe to use?: Mcp Server Jupyter has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Server Jupyter?: Mcp Server Jupyter supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Server Jupyter do?: Mcp Server Jupyter provides 6 tools: read_notebook_with_outputs, read_notebook_source_only, read_output_of_cell, add_cell, edit_cell and 1 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Server Jupyter?: Mcp Server Jupyter is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Server Jupyter actively maintained?: Mcp Server Jupyter is not actively maintained — last commit was 471 days ago. It has 31 GitHub stars.