Security Advisories for label-studio in pypi
High
5 months ago
label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.
pypi
label-studio
High
8 months ago
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
pypi
label-studio
Moderate
8 months ago
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
pypi
label-studio
Moderate
over 1 year ago
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
pypi
label-studio
Moderate
over 1 year ago
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
pypi
label-studio
High
almost 2 years ago
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
pypi
label-studio
Critical
almost 2 years ago
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
pypi
label-studio
High
over 2 years ago
Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/
pypi
label-studio
High
about 3 years ago
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
pypi
label-studio