label-studio Security Advisories - Pypi

label-studio

pypi · Label Studio annotation tool · Repository · Package

Security Advisories for label-studio in pypi

High

5 months ago

label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. GSA_kwCzR0hTQS04amhyLXdwY20taGg0aM4ABH5I

pypi label-studio

High

8 months ago

Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint GSA_kwCzR0hTQS1tMjM4LWZtY3ctd2g1OM4ABEei

pypi label-studio

Moderate

8 months ago

Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint GSA_kwCzR0hTQS13cHE1LTMzNjYtbXF3NM4ABEeh

pypi label-studio

Moderate

over 1 year ago

Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config GSA_kwCzR0hTQS02eHY5LTk1N2otcWZoZ84AA5dt

pypi label-studio

Moderate

over 1 year ago

Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections GSA_kwCzR0hTQS1wNTl3LTlncXctd2o4cs4AA497

pypi label-studio

Moderate

over 1 year ago

Cross-site Scripting Vulnerability on Data Import GSA_kwCzR0hTQS1mcTIzLWc1OG0tNzk5cs4AA4qW

pypi label-studio

High

over 1 year ago

Cross-site Scripting Vulnerability on Avatar Upload GSA_kwCzR0hTQS1xNjhoLXh3cTUtbW03eM4AA4qV

pypi label-studio

High

almost 2 years ago

Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task GSA_kwCzR0hTQS02aGpqLWdxNzctajRxd84AA3GL

pypi label-studio

Critical

almost 2 years ago

Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax

pypi label-studio

High

over 2 years ago

Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/ GSA_kwCzR0hTQS1jcG1yLW13NGotOTlyN84AAyUM

pypi label-studio

High

almost 3 years ago

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module GSA_kwCzR0hTQS1wYzZmLTI1OXctdzNqNs4AAvKN

pypi label-studio

Filter by Severity

High 6 Moderate 4 Critical 1

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

label-studio

label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. GSA_kwCzR0hTQS04amhyLXdwY20taGg0aM4ABH5I

Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint GSA_kwCzR0hTQS1tMjM4LWZtY3ctd2g1OM4ABEei

Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint GSA_kwCzR0hTQS13cHE1LTMzNjYtbXF3NM4ABEeh

Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config GSA_kwCzR0hTQS02eHY5LTk1N2otcWZoZ84AA5dt

Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections GSA_kwCzR0hTQS1wNTl3LTlncXctd2o4cs4AA497

Cross-site Scripting Vulnerability on Data Import GSA_kwCzR0hTQS1mcTIzLWc1OG0tNzk5cs4AA4qW

Cross-site Scripting Vulnerability on Avatar Upload GSA_kwCzR0hTQS1xNjhoLXh3cTUtbW03eM4AA4qV

Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task GSA_kwCzR0hTQS02aGpqLWdxNzctajRxd84AA3GL

Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax

Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/ GSA_kwCzR0hTQS1jcG1yLW13NGotOTlyN84AAyUM

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module GSA_kwCzR0hTQS1wYzZmLTI1OXctdzNqNs4AAvKN

Filter by Severity