label-studio vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-22033Highlabel-studio: Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys fieldCVE-2025-47783Highlabel-studio: label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.CVE-2025-25297Highlabel-studio: Label Studio allows Server-Side Request Forgery in the S3 Storage EndpointCVE-2025-25296Mediumlabel-studio: Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpointCVE-2024-26152Mediumlabel-studio: Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config CVE-2023-47116Mediumlabel-studio: Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` ProtectionsCVE-2024-23633Mediumlabel-studio: Cross-site Scripting Vulnerability on Data ImportCVE-2023-47115Highlabel-studio: Cross-site Scripting Vulnerability on Avatar UploadCVE-2023-47117Highlabel-studio: Label Studio Object Relational Mapper Leak Vulnerability in Filtering TaskCVE-2023-43791Criticallabel-studio: Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session TokensGHSA-CPMR-MW4J-99R7Highlabel-studio: Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/CVE-2022-36551Highlabel-studio: Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

Stop the waste.
Protect your environment with Kodem.