| Package | Installed | Affected | Info |
|---|---|---|---|
| nbconvert | 6.5.0 | >=6.5.0,<7.17.1 | Affected versions of the nbconvert package are vulnerable to Path Traversal due to insufficient sanitisation of image reference paths in the markdown renderer when HTMLExporter.embed_images is enabled. The HTMLExporter resolves relative image paths referenced in notebook markdown cells without restricting them to a permitted directory, allowing sequences that traverse outside the notebook's location to be read and embedded as base64 data URIs in the generated HTML output. An attacker who supplies a malicious notebook to a conversion host can exfiltrate arbitrary sensitive files readable by the converting process, resulting in unauthorised Information Disclosure. |
| nbconvert | 6.5.0 | >=6.5.0,<7.17.1 | Affected versions of the nbconvert package are vulnerable to Arbitrary File Write via Path Traversal due to unsanitised cell attachment filenames being passed directly to the filesystem. The ExtractAttachmentsPreprocessor writes notebook cell attachments using attacker-controlled filenames that may contain traversal sequences, allowing full control over the destination path, filename, and file extension when processing a crafted notebook. An attacker who convinces a user to convert a malicious notebook can write files with arbitrary content to arbitrary locations on the host filesystem, limited only by the privileges of the process running nbconvert. |
| nbconvert | 6.5.0 | <6.5.1 | The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML, which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (e.g. nbviewer). https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq |
| nbconvert | 6.5.0 | <=7.16.6 | Affected versions of the nbconvert package are vulnerable to Uncontrolled Search Path Element due to resolving the inkscape executable on Windows using a search order that includes the current working directory. In nbconvert/preprocessors/svg2pdf.py, the PDF conversion flow for notebooks with SVG outputs locates and executes inkscape without a fully qualified path, allowing a local inkscape.bat to be selected and run. |
[![Python 3](https://pyup.io/repos/github/amor71/LiuAlgoTrader/python-3-shield.svg)](https://pyup.io/repos/github/amor71/LiuAlgoTrader/)
[![Updates](https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg)](https://pyup.io/repos/github/amor71/LiuAlgoTrader/)