PyPi: Nbgrader

CVE-2025-23205

Safety vulnerability ID: 76357

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 17, 2025 Updated at Mar 29, 2025

Scan your Python projects for vulnerabilities →

Advisory

Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enable_subdomains = False.

Affected package

nbgrader

Latest version: 0.9.5

A system for assigning and grading notebooks

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-fcr8-4r9f-r66m
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23205

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application