pkg:PyPI/label-studio

19 CVEs in total: CRITICAL 2, HIGH 5, MEDIUM 11

All known vulnerabilities

  • CRITICAL 9.8 CVE-2023-43791: Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
    from 0, < 3d06c5131c15600621e08b06f07d976887cde81b | from 0, < 1.8.2
  • CRITICAL 9.8 CVE-2023-43791: Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
    from 0, < 1.8.2
  • HIGH 8.6 CVE-2025-25297: Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
    from 0, < 1.16.0
  • HIGH 7.5 CVE-2023-47117: Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
    from 0, < f931d9d129002f54a495995774ce7384174cef5c | from 0, < 1.9.2
  • HIGH 7.5 CVE-2023-47117: Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
    from 0, < 1.9.2.post0
  • HIGH 7.1 CVE-2023-47115: Cross-site Scripting Vulnerability on Avatar Upload
    from 0, < 1.9.2
  • HIGH 7.1 CVE-2023-47115: Cross-site Scripting Vulnerability on Avatar Upload
    from 0, < a7a71e594f32ec4af8f3f800d5ccb8662e275da3 | from 0, < 1.9.2
  • MEDIUM 6.5 CVE-2022-36551: Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
    from 0, < 1.5.0.post0
  • MEDIUM 6.5 CVE-2022-36551: Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
    from 0, < 1.6.0
  • MEDIUM 6.1 CVE-2025-47783: label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.
    from 0, < 1.18.0
  • MEDIUM 6.1 CVE-2025-47783: label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.
    from 0, < 1.18.0
  • MEDIUM 6.1 CVE-2025-25296: Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
    from 0, < 1.16.0
  • MEDIUM 5.3 CVE-2023-47116: Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
    from 0, < 1.11.0
  • MEDIUM 5.3 CVE-2023-47116: Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
    from 0, < 55dd6af4716b92f2bb213fe461d1ffbc380c6a64 | from 0, < 1.11.0
  • MEDIUM 4.7 CVE-2024-26152: Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
    from 0, < 1.11.0
  • MEDIUM 4.7 CVE-2024-26152: Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
    from 0, < 5df9ae3828b98652e9fa290a19f4deedf51ef6c8, < 5df9ae3828b98652e9fa290a19f4deedf51ef6c8 | from 0, < 1.11.0
  • MEDIUM 4.7 CVE-2024-23633: Cross-site Scripting Vulnerability on Data Import
    from 0, < 1.10.1
  • MEDIUM 4.7 CVE-2024-23633: Cross-site Scripting Vulnerability on Data Import
    from 0, < 1.10.1
  • CVE-2026-22033: Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field
    from 0, <= 1.22.0