Reporting security issues in Jupyter or JupyterHub

If you find a security vulnerability in Jupyter or JupyterHub, whether it is a failure of the security model described in Security Overview or a failure in implementation, please report it!

Please use GitHub’s “Report a Vulnerability” button under Security > Advisories on the appropriate repo, e.g. report here for JupyterHub.

You may also send an email to mailto:security@ipython.org, but the GitHub reporting system is preferred. If you prefer to encrypt your security reports, you can use this PGP public key.