Humansignal Label Studio — known CVE vulnerabilities
Every CVE whose affected-product data names Humansignal Label Studio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-43791 — CVSS 9.8 (critical): Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be…
CVE-2025-25297 — CVSS 8.6 (high): Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a…
CVE-2023-47117 — CVSS 7.5 (high): Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows…
CVE-2023-47115 — CVSS 7.1 (high): Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that…
CVE-2025-25296 — CVSS 6.1 (medium): Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows…
CVE-2025-47783 — CVSS 6.1 (medium): Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a…
CVE-2026-22033 — CVSS 5.4 (medium): Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS)…
CVE-2023-47116 — CVSS 5.3 (medium): Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was…
CVE-2024-26152 — CVSS 4.7 (medium): ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being…
CVE-2024-23633 — CVSS 4.7 (medium): Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was…