Vulnerabilities in HumanSignal
12 results

CVE-2023-47117 [HIGH] Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio (EPSS 4.1%)

CVE-2024-26152 [MEDIUM] Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config (EPSS 2.2%)

CVE-2025-25296 [MEDIUM] Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint (EPSS 1.8%)

CVE-2023-47115 [HIGH] Label Studio XSS Vulnerability on Avatar Upload (EPSS 1.4%)

CVE-2023-43791 [CRITICAL] Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens (EPSS 1.2%)

CVE-2023-47116 [MEDIUM] Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections (EPSS 0.7%)

CVE-2025-25295 [HIGH] Label Studio has a Path Traversal Vulnerability via image Field (EPSS 0.7%)

CVE-2024-23633 [MEDIUM] Label Studio XSS Vulnerability on Data Import (EPSS 0.6%)

CVE-2025-25297 [HIGH] Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint (EPSS 0.5%)

CVE-2025-47783 [HIGH] label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. (EPSS 0.5%)

CVE-2026-22033 [HIGH] Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field (EPSS 0.2%)

CVE-2025-5173 [MEDIUM] HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization (EPSS 0.2%)