| CVE-2022-36551 |
unknown |
— |
1.0 |
|
|
|
4y ago |
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the sys… |
| CVE-2026-22033 |
unknown |
— |
— |
|
|
|
5mo ago |
Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field |
| CVE-2025-47783 |
unknown |
— |
— |
|
|
|
1y ago |
Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can l… |
| CVE-2025-25297 |
unknown |
— |
— |
|
|
|
1y ago |
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint |
| CVE-2025-25296 |
unknown |
— |
— |
|
|
|
1y ago |
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint |
| CVE-2024-26152 |
unknown |
— |
— |
|
|
|
2y ago |
On all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choice… |
| CVE-2023-47116 |
unknown |
— |
— |
|
|
|
2y ago |
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that … |
| CVE-2024-23633 |
unknown |
— |
— |
|
|
|
2y ago |
Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, which was downloaded and could be viewed on the website. Prior to ver… |
| CVE-2023-47115 |
unknown |
— |
— |
|
|
|
2y ago |
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a craft… |
| CVE-2023-47117 |
unknown |
— |
— |
|
|
|
3y ago |
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker… |
| CVE-2023-43791 |
unknown |
— |
— |
|
|
|
3y ago |
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any accou… |