Humansignal Label-studio
11 CVEs affecting Humansignal Label-studio. Latest disclosed: 2026-01-12. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-43791 | Critical | 9.8 | 2023-11-09 | Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Lea… |
| CVE-2025-25297 | High | 8.6 | 2025-02-14 | Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forger… |
| CVE-2023-47117 | High | 7.5 | 2023-11-13 | Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set… |
| CVE-2023-47115 | High | 7.1 | 2024-01-23 | Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited wh… |
| CVE-2025-25296 | Medium | 6.1 | 2025-02-14 | Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HT… |
| CVE-2023-47116 | Medium | 5.3 | 2024-01-31 | Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8… |
| CVE-2024-26152 | Medium | 4.7 | 2024-02-22 | On all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized prior to being rendered within a [`Ch… |
| CVE-2024-23633 | Medium | 4.7 | 2024-01-23 | Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, that was downloaded and coul… |
| CVE-2026-22033 | | | 2026-01-12 | Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in t… |
| CVE-2025-47783 | | | 2025-05-14 | Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script int… |
| CVE-2025-25295 | | | 2025-02-14 | Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access… |