Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Fedora 44 python-jupytext Important Denial of Service 2026-301cbbe347

fedora
Calendar Grey May 17, 2026
Dist Fedora Esm H88
Critical updates for python-jupytext on Fedora, addressing multiple npm security issues including denial of service.
This update contains upgrades to various npm packages used during the build to address CVEs, namely: CVE-2025-69873 (ajv) CVE-2026-0540 (DOMPurify) CVE-2026-3449 (@tootallnate/once...

Summary

Have you always wished Jupyter notebooks were plain text documents? Wished

you could edit them in your favorite IDE? And get clear and meaningful diffs

when doing version control? Then... Jupytext may well be the tool you're

looking for!

Jupytext is a plugin for Jupyter that can save Jupyter notebooks as

- Markdown files (or MyST Markdown files, or R Markdown or Quarto text

notebooks)

- Scripts in many languages.

Common use cases for Jupytext are:

- Doing version control on Jupyter Notebooks

- Editing, merging or refactoring notebooks in your favorite text editor

- Applying Q&A checks on notebooks.

Update Information:

This update contains upgrades to various npm packages used during the build to address CVEs, namely: CVE-2025-69873 (ajv) CVE-2026-0540 (DOMPurify) CVE-2026-3449 (@tootallnate/once) CVE-2026-4800 (lodash) CVE-2026-6321 (fast-uri) CVE-2026-41240 (DOMPurify) This is probably unimportant since these packages are used at build-time only. They are not shipped with python3-jupytext and therefore do not affect runtime.

Topics%20covered

Topics Covered

security advisory denial of service fedora Javascript important npm

Change Log

* Thu May 7 2026 Jerry James - 1.19.1-4 - Update various npm components used in the build - Fix CVE-2025-69873: update ajv to 6.15.0/8.20.0 - Fix CVE-2026-0540 and CVE-2026-41240: update DOMPurify to 3.4.2 - Fix CVE-2026-3449: update @tootallnate/once to 3.0.1 - Fix CVE-2026-4800: update lodash to 4.18.1 - Fix CVE-2026-6321: update fast-uri to 3.1.2

References


[ 1 ] Bug #2444210 - CVE-2026-3449 python-jupytext: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444210 [ 2 ] Bug #2444288 - CVE-2026-0540 python-jupytext: DOMPurify: Cross-site scripting vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444288 [ 3 ] Bug #2454050 - CVE-2026-4800 python-jupytext: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454050 [ 4 ] Bug #2463432 - CVE-2026-41240 python-jupytext: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463432 [ 5 ] Bug #2466943 - CVE-2026-6321 python-jupytext: fast-uri: Path traversal vulnerability allows bypass of security policies [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=246...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-301cbbe347' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: python-jupytext
Product: Fedora 44
Version: 1.19.1
Release: 4.fc44
URL: https://jupytext.readthedocs.io/
Summary: Save Jupyter notebooks as text documents or scripts

Topics%20covered

Topics Covered

security advisory denial of service fedora Javascript important npm

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here