Overview · lfnovo/open-notebook · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Arbitrary file read via Local File Inclusion in source creation
GHSA-842v-h4cj-r646 published Apr 9, 2026 by lfnovo

High
Arbitrary file write via path traversal in file upload
GHSA-x4q2-89g5-594v published Apr 9, 2026 by lfnovo

High
Remote Code Execution via Jinja2 Server-Side Template Injection in transformations
GHSA-f35w-wx37-26q7 published Apr 9, 2026 by lfnovo

Critical
SurrealDB injection via unsanitized order_by parameter
GHSA-5wj9-f8q5-8f9c published Apr 7, 2026 by lfnovo

High

Learn more about advisories related to lfnovo/open-notebook in the GitHub Advisory Database