Vulnerability Database
Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-2mq9-hm29-8qch | PyPI/label-studio | Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field | 12 Jan | No fix available; Severity - 8.6 (High) |
| GHSA-55g9-6c2x-gf8q | PyPI/label-studio-ml | HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability | 26 May 2025 | No fix available; Severity - 4.8 (Medium) |
| GHSA-8jhr-wpcm-hh4h | PyPI/label-studio | label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. | 15 May 2025 | Fix available; Severity - 7.6 (High) |
| PYSEC-2025-124 | PyPI/label-studio | See record for full details | 14 May 2025 | Fix available; Severity - 6.1 (Medium) |
| GHSA-m238-fmcw-wh58 | PyPI/label-studio | Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint | 14 Feb 2025 | Fix available; Severity - 8.6 (High) |
| GHSA-wpq5-3366-mqw4 | PyPI/label-studio | Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint | 14 Feb 2025 | Fix available; Severity - 6.1 (Medium) |
| GHSA-rgv9-w7jp-m23g | PyPI/label-studio-sdk | Label Studio has a Path Traversal Vulnerability via image Field | 14 Feb 2025 | Fix available; Severity - 8.7 (High) |
| PYSEC-2024-249 | PyPI/label-studio, github.com/humansignal/label-studio | See record for full details | 22 Feb 2024 | Fix available; Severity - 6.1 (Medium) |
| GHSA-6xv9-957j-qfhg | PyPI/label-studio | Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config | 22 Feb 2024 | Fix available; Severity - 4.7 (Medium) |
| GHSA-p59w-9gqw-wj8r | PyPI/label-studio | Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections | 31 Jan 2024 | Fix available; Severity - 5.3 (Medium) |
| PYSEC-2024-127 | PyPI/label-studio, github.com/HumanSignal/label-studio | See record for full details | 31 Jan 2024 | Fix available; Severity - 5.3 (Medium) |
| GHSA-fq23-g58m-799r | PyPI/label-studio | Cross-site Scripting Vulnerability on Data Import | 24 Jan 2024 | Fix available; Severity - 4.7 (Medium) |
| GHSA-q68h-xwq5-mm7x | PyPI/label-studio | Cross-site Scripting Vulnerability on Avatar Upload | 24 Jan 2024 | Fix available; Severity - 7.1 (High) |
| PYSEC-2024-128 | PyPI/label-studio | See record for full details | 24 Jan 2024 | Fix available; Severity - 6.1 (Medium) |
| PYSEC-2024-126 | PyPI/label-studio, github.com/HumanSignal/label-studio | See record for full details | 23 Jan 2024 | Fix available; Severity - 5.4 (Medium) |
| GHSA-6hjj-gq77-j4qw | PyPI/label-studio | Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task | 14 Nov 2023 | Fix available; Severity - 7.5 (High) |
PyPI - OSV