
178 matches found

Nuclei
added 13 hours ago | 47 views

Label Studio - Cross-Site Scripting

Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. id: CVE-2023-47115 info: name: Label Studio - Cross-Site Scripting author: isaca...

7.1 CVSS | 6.4 AI score | 0.01448 EPSS
Exploits: 1 | References: 5
Nuclei
added 13 hours ago | 50 views

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of the query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

7.5 CVSS | 6.7 AI score | 0.04055 EPSS
Exploits: 3 | References: 3
Nuclei
added 13 hours ago | 14 views

Label Studio < 1.16.0 - Cross-Site Scripting

Label Studio prior to version 1.16.0 contains a cross-site scripting vulnerability caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via a crafted labelconfig in a GET request; the exploit requires victims to visit malicious UR...

6.1 CVSS | 5.9 AI score | 0.01778 EPSS
Exploits: 2 | References: 2
Nuclei
added 2026/06/04 3:48 a.m. | 11 views

Label Studio < 1.18.0 - Reflected XSS

Label Studio 1.18.0 contains a stored XSS caused by improper sanitization in the POST /projects/upload-example/ endpoint, letting attackers inject malicious scripts to hijack sessions and perform unauthorized actions; the exploit requires sending crafted requests. id: CVE-2025-47783 info: name: Label...

7.6 CVSS | 5.8 AI score | 0.0054 EPSS
Exploits: 1 | References: 1
Chainguard
added 2026/05/18 7:17 p.m. | 9 views

GHSA-C38F-WX89-P2XG vulnerabilities

Vulnerabilities for packages: label-studio...

5.8 AI score
Exploits: 0
Chainguard
added 2026/05/18 7:17 p.m. | 11 views

CVE-2026-44660 vulnerabilities

Vulnerabilities for packages: label-studio...

8.7 CVSS | 5.8 AI score | 0.00421 EPSS
Exploits: 1
Chainguard
added 2026/03/16 7:17 p.m. | 3 views

GHSA-752W-5FWX-JX9F vulnerabilities

Vulnerabilities for packages: ggshield, keep-fips, vllm-openai-cuda-12.9, datadog-agent-fips, litellm, az, superset, kserve, awx, open-webui, airflow-core, airflow, metaflow-service-fips, authentik, py3-cassandra-medusa, semgrep, authentik-fips, opal, request-1276, datadog-agent, keep,...

5.8 AI score
Exploits: 0
Chainguard
added 2026/03/16 7:17 p.m. | 3 views

CVE-2026-32597 vulnerabilities

Vulnerabilities for packages: ggshield, keep-fips, vllm-openai-cuda-12.9, datadog-agent-fips, litellm, az, superset, kserve, awx, open-webui, airflow-core, airflow, metaflow-service-fips, authentik, py3-cassandra-medusa, semgrep, authentik-fips, opal, request-1276, datadog-agent, keep,...

7.5 CVSS | 6.7 AI score | 0.00198 EPSS
Exploits: 1
Chainguard
added 2026/03/16 7:17 p.m. | 10 views

CVE-2026-32274 vulnerabilities

Vulnerabilities for packages: kserve, open-webui, nemo, label-studio...

8.7 CVSS | 7.3 AI score | 0.00424 EPSS
Exploits: 0
Chainguard
added 2026/03/16 7:17 p.m. | 5 views

GHSA-3936-CMFR-PM3M vulnerabilities

Vulnerabilities for packages: kserve, open-webui, nemo, label-studio...

5.8 AI score
Exploits: 0
Chainguard
added 2026/03/10 7:18 p.m. | 2 views

GHSA-XVP8-3MHV-424C vulnerabilities

Vulnerabilities for packages: label-studio...

5.8 AI score
Exploits: 0
Chainguard
added 2026/03/10 7:18 p.m. | 1 view

GHSA-HW26-MMPG-FQFG vulnerabilities

Vulnerabilities for packages: label-studio...

5.8 AI score
Exploits: 0
Chainguard
added 2026/03/10 7:18 p.m. | 5 views

CVE-2026-28348 vulnerabilities

Vulnerabilities for packages: label-studio...

6.1 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 1
Chainguard
added 2026/03/10 7:18 p.m. | 3 views

CVE-2026-28350 vulnerabilities

Vulnerabilities for packages: label-studio...

6.1 CVSS | 5.8 AI score | 0.00254 EPSS
Exploits: 1
Chainguard
added 2026/01/29 1:27 p.m. | 8 views

CVE-2026-22033 vulnerabilities

Vulnerabilities for packages: label-studio...

8.6 CVSS | 5.9 AI score | 0.00207 EPSS
Exploits: 1
Chainguard
added 2026/01/29 1:27 p.m. | 1 view

GHSA-2MQ9-HM29-8QCH vulnerabilities

Vulnerabilities for packages: label-studio...

5.9 AI score
Exploits: 0
Veracode
added 2026/01/22 9:42 a.m. | 5 views

Stored Cross-Site Scripting (XSS)

labelstudio is vulnerable to stored cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of user-controlled input in the customhotkeys functionality, which allows an authenticated attacker or one who tricks a user/admin to inject malicious JavaScript that executes in oth...

8.6 CVSS | 5.8 AI score | 0.00207 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2026/01/13 10:52 p.m. | 3 views

CVE-2026-22033

Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one who can trick a user/administrator into updating their...

8.6 CVSS | 5.7 AI score | 0.00207 EPSS
Exploits: 1 | References: 1
NVD
added 2026/01/12 6:15 p.m. | 6 views

CVE-2026-22033

Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one who can trick a user/administrator into updating their...

8.6 CVSS | 0.00207 EPSS
Exploits: 1 | References: 3
Cvelist
added 2026/01/12 5:47 p.m. | 22 views

CVE-2026-22033 Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one who can trick a user/administrator into updating their...

8.6 CVSS | 0.00207 EPSS
Exploits: 1 | References: 3