lfnovo/open-notebook

lfnovo/open-notebook

www.open-notebook.ai

Releases39

Frequency2 weeks 1 day

Last Release 1 day ago

Stars24.3K

An Open Source implementation of Notebook LM with more flexibility and features

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-33588 ↗	May 7, 2026Thursday, 7 May 2026, 11:16	8.1 HIGH	—
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
CVE-2026-33589 ↗	May 7, 2026Thursday, 7 May 2026, 11:16	6.5 MEDIUM	—
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
CVE-2026-28201 ↗	May 7, 2026Thursday, 7 May 2026, 11:16	7.8 HIGH	—
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.
CVE-2026-33587 ↗	May 7, 2026Thursday, 7 May 2026, 11:16	10 CRITICAL	—
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.