Latest version: v1.16.0
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2023-47117 | 62286 |
Label-studio 1.9.2.post0 includes a fix for CVE-2023-47117: In all cu… |
|
HIGH | 7.5 |
| CVE-2023-47115 | 64636 |
The vulnerability identified in Label Studio, a popular open-source d… |
|
MEDIUM | 5.4 |
| CVE-2023-43791 | 62254 |
Label-studio 1.8.2 includes a fix for CVE-2023-43791: There is a vuln… |
|
HIGH | 8.8 |
| PVE-2024-64704 | 64704 |
Label Studio version 1.8.0 introduces an extension check during file … |
|
- | - |
| PVE-2023-99958 | 60895 |
Label-studio throughout 1.7.1 are vulnerable to path traversal via Ng… |
|
- | - |
| PVE-2024-64714 | 64714 |
Label-studio 1.5.0 includes a fix from OWASP security check. https:/… |
|
- | - |
| CVE-2025-25297 | 76335 |
Label Studio allows Server-Side Request Forgery in the S3 Storage End… |
|
- | - |
| CVE-2025-25296 | 76336 |
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/p… |
|
- | - |
| PVE-2024-71100 | 71100 |
Label-studio version 1.12.1 addresses a security issue involving inco… |
|
- | - |
| CVE-2023-47116 | 64822 |
Label-studio 1.11.0 addresses the CVE-2023-47116 by introducing more … |
|
MEDIUM | 5.3 |
| CVE-2024-26152 | 66696 |
Label Studio before 1.11.0 is vulnerable to cross-site scripting (XSS… |
|
- | - |
| CVE-2024-23633 | 64643 |
Label Studio before 1.10.1 fixes a remote import feature that allows … |
|
MEDIUM | 6.1 |
| PVE-2024-64709 | 64709 |
Label Studio 1.10.1 addresses the CVE-2024-2363. It could allow an at… |
|
- | - |
| CVE-2022-36551 | 54502 |
A Server Side Request Forgery (SSRF) in the Data Import module in Hea… |
|
MEDIUM | 6.5 |
| PVE-2024-99780 | 66057 |
Label Studio before 0.9.1 is susceptible to an arbitrary code executi… |
|
- | - |
| CVE-2021-34552 | 64706 |
Label-studio version 0.0.45 has updated its Pillow library dependency… |
|
CRITICAL | 9.8 |