The Jupyter Security Subproject exists to provide help and advice to Jupyter users, operators, and developers on security topics and to help coordinate handling of security issues.
Known vulnerabilities are tracked using the CVE vendor ID 15653 for Jupyter.
GitHub provides alerts about vulnerable dependencies. If your supply chain includes Jupyter projects, these alerts can help you respond to vulnerabilities quickly and easily.
Several Jupyter projects maintain security-related documentation regarding usage or deployment of Jupyter software.
We are working to identify and coordinate security efforts across the Jupyter community and within all the various subprojects. The Jupyter Security GitHub repo has information how to participate and contribute. For discussion, please use the special Discourse security topic on the Jupyter Discourse server.