Security Overview · HumanSignal/label-studio · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

[XBOW-025-020] Path Traversal Vulnerability in Label Studio via image Field
GHSA-rgv9-w7jp-m23g published Feb 14, 2025 by jombooth

High
[XBOW-024-119] Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
GHSA-wpq5-3366-mqw4 published Feb 14, 2025 by jombooth

Moderate
[XBOW-024-151] Server-Side Request Forgery in Label Studio S3 Storage Endpoint
GHSA-m238-fmcw-wh58 published Feb 14, 2025 by jombooth

High
XSS Vulnerability if `<Choices>` or `<Labels>` are used in labeling config
GHSA-6xv9-957j-qfhg published Feb 22, 2024 by jombooth

Moderate
XSS Vulnerability on Data Import
GHSA-fq23-g58m-799r published Jan 23, 2024 by jombooth

Moderate
Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
GHSA-f475-x83m-rx5m published Nov 8, 2023 by jombooth

Critical
XSS Vulnerability on Avatar Upload
GHSA-q68h-xwq5-mm7x published Jan 23, 2024 by jombooth

Moderate
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
GHSA-p59w-9gqw-wj8r published Jan 30, 2024 by jombooth

Moderate
Object Relational Mapper Leak Vulnerability in Filtering Task
GHSA-6hjj-gq77-j4qw published Nov 13, 2023 by jombooth

High
Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/
GHSA-cpmr-mw4j-99r7 published Mar 24, 2023 by farioas

High

Learn more about advisories related to HumanSignal/label-studio in the GitHub Advisory Database