HIGH PyPI
GHSA-2mq9-hm29-8qch · CVE-2026-22033 Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field
수정: 2026. 2. 19.
package
PyPI / label-studio
pkg:pypi/label-studio
HIGH 7.5 PyPI
GHSA-6hjj-gq77-j4qw · CVE-2023-47117, PYSEC-2023-275 Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
수정: 2024. 11. 22.
MEDIUM 4.7 PyPI
GHSA-6xv9-957j-qfhg · CVE-2024-26152, PYSEC-2024-249 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
수정: 2026. 6. 10.
HIGH PyPI
GHSA-8jhr-wpcm-hh4h · CVE-2025-47783, PYSEC-2025-124 label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.
수정: 2026. 6. 6.
HIGH 7.5 PyPI
GHSA-cpmr-mw4j-99r7 Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/
수정: 2024. 11. 29.
CRITICAL 9.8 PyPI
GHSA-f475-x83m-rx5m · CVE-2023-43791, PYSEC-2023-274 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
수정: 2024. 11. 22.
MEDIUM 4.7 PyPI
GHSA-fq23-g58m-799r · CVE-2024-23633, PYSEC-2024-128 Cross-site Scripting Vulnerability on Data Import
수정: 2024. 11. 22.
HIGH 8.6 PyPI
GHSA-m238-fmcw-wh58 · CVE-2025-25297 Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
수정: 2025. 2. 14.
MEDIUM 5.3 PyPI
GHSA-p59w-9gqw-wj8r · CVE-2023-47116, PYSEC-2024-127 Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
수정: 2024. 11. 22.
MEDIUM 6.5 PyPI
GHSA-pc6f-259w-w3j6 · CVE-2022-36551, PYSEC-2022-300 Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
수정: 2024. 9. 27.
HIGH 7.1 PyPI
GHSA-q68h-xwq5-mm7x · CVE-2023-47115, PYSEC-2024-126 Cross-site Scripting Vulnerability on Avatar Upload
수정: 2024. 11. 22.
MEDIUM 6.1 PyPI
GHSA-wpq5-3366-mqw4 · CVE-2025-25296 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
수정: 2025. 2. 14.
— PyPI
PYSEC-2022-300 · CVE-2022-36551, GHSA-pc6f-259w-w3j6 수정: 2026. 6. 10.
HIGH 8.8 PyPI
PYSEC-2023-274 · CVE-2023-43791, GHSA-f475-x83m-rx5m 수정: 2024. 11. 21.
HIGH 7.5 PyPI
PYSEC-2023-275 · CVE-2023-47117, GHSA-6hjj-gq77-j4qw 수정: 2024. 11. 21.
MEDIUM 5.4 PyPI
PYSEC-2024-126 · CVE-2023-47115, GHSA-q68h-xwq5-mm7x 수정: 2024. 11. 21.
MEDIUM 5.3 PyPI
PYSEC-2024-127 · CVE-2023-47116, GHSA-p59w-9gqw-wj8r 수정: 2024. 11. 21.
MEDIUM 6.1 PyPI
PYSEC-2024-128 · CVE-2024-23633, GHSA-fq23-g58m-799r 수정: 2024. 11. 21.
MEDIUM 6.1 PyPI
PYSEC-2024-249 · CVE-2024-26152, GHSA-6xv9-957j-qfhg 수정: 2026. 6. 10.
MEDIUM 6.1 PyPI
PYSEC-2025-124 · CVE-2025-47783, GHSA-8jhr-wpcm-hh4h 수정: 2026. 5. 20.