20 Total advisories
20 Vulnerabilities
0 Malware
Vulnerabilities
| Severity | ID | Title |
| --- | --- | --- |
| MEDIUM 6.1 | CVE-2024-26152 | CVE-2024-26152 |
| MEDIUM 4.7 | CVE-2024-26152 | Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config |
| UNKNOWN | CVE-2022-36551 | CVE-2022-36551 |
| UNKNOWN | CVE-2025-47783 | label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. |
| MEDIUM 6.1 | CVE-2025-47783 | CVE-2025-47783 |
| UNKNOWN | CVE-2026-22033 | Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field |
| MEDIUM 6.1 | CVE-2025-25296 | Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint |
| HIGH 8.6 | CVE-2025-25297 | Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint |
| HIGH 7.5 | GHSA-cpmr-mw4j-99r7 | Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/ |
| MEDIUM 4.7 | CVE-2024-23633 | Cross-site Scripting Vulnerability on Data Import |
| HIGH 7.5 | CVE-2023-47117 | Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task |
| HIGH 7.1 | CVE-2023-47115 | Cross-site Scripting Vulnerability on Avatar Upload |
| CRITICAL 9.8 | CVE-2023-43791 | Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens |
| MEDIUM 5.3 | CVE-2023-47116 | Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections |
| MEDIUM 5.3 | CVE-2023-47116 | CVE-2023-47116 |
| MEDIUM 6.1 | CVE-2024-23633 | CVE-2024-23633 |
| MEDIUM 5.4 | CVE-2023-47115 | CVE-2023-47115 |
| HIGH 8.8 | CVE-2023-43791 | CVE-2023-43791 |
| HIGH 7.5 | CVE-2023-47117 | CVE-2023-47117 |
| MEDIUM 6.5 | CVE-2022-36551 | Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module |