{"vulnerability": "cve-2026-54527", "sightings": [{"uuid": "1ed82d99-4939-479c-ab10-74557af23a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54527", "type": "published-proof-of-concept", "source": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-f962-v9hr-pfg5", "content": "", "creation_timestamp": "2026-06-18T07:12:58.000000Z"}, {"uuid": "05544ba6-0d5b-41e9-8b27-2b32c0500380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54527", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq64oaqtfb24", "content": "CVE-2026-54527 - jupyterlab-git\nThe JupyterLab Git extension allows attackers to create malicious file names that can execute code when viewed by others. This can lead to unauthorized access to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jupyterlabgit #jupyterlab #pip #CVE #infosec", "creation_timestamp": "2026-07-08T22:02:05.569243Z"}, {"uuid": "4d4e0cce-0bee-4189-b8f1-a5cc594250e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54527", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116887783224020082", "content": "CVE-2026-54527: CRITICAL XSS in jupyterlab-git (&lt;0.54.0). Malicious Git filenames can execute JavaScript when viewed in the Git History tab \u2014 risking session hijack &amp; data theft. Upgrade to 0.54.0+ ASAP. https://radar.offseq.com/threat/cve-2026-54527-cwe-79-improper-neutralization-of-i-859af0d357310c79 #OffSeq #XSS #jupyterlab #security", "creation_timestamp": "2026-07-09T03:00:29.149648Z"}, {"uuid": "c6bafa97-033b-468a-a3fa-0d822a286eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54527", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq6ndtyssy2f", "content": "jupyterlab-git &lt;0.54.0 is vulnerable to CRITICAL XSS (CVE-2026-54527). Malicious filenames can run code in users\u2019 browsers. Upgrade to 0.54.0+ now! \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-54527-cwe-79-improper-neutralization-of-i-859af0d357310c79 #OffSeq #security #jupyterlab", "creation_timestamp": "2026-07-09T03:00:31.123766Z"}, {"uuid": "ce0d9272-2325-4415-b7c2-de9b7bcdda90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54527", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mq6u6q5sii2e", "content": "Daily IT Security Digest \u2014 2026-07-09\nnot yet patched. Security teams should audit their environments against these disclosed exploit chains.\nSource: https://infosec.exchange/@AAKL/116851105666469635\n\n## 4. CRITICAL XSS in jupyterlab-git (CVE-2026-54527)", "creation_timestamp": "2026-07-09T05:02:54.480939Z"}]}