HumanSignal — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting HumanSignal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HumanSignal provides a data labeling platform for machine learning training, with 12 CVEs recorded historically. Common vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and improper access controls. The platform's web interface and API have been repeatedly affected by issues allowing unauthorized access or code execution. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in web components suggests ongoing security challenges in maintaining secure access controls and input sanitization across their labeling infrastructure.

Top products by HumanSignal: label-studio, label-studio-ml-backend

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-22033 | Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field | label-studio | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2025-5173 | HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization | label-studio-ml-backend | CWE-502 | 5.3 | Medium | 2025-05-26 |
| CVE-2025-47783 | label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. | label-studio | CWE-79 | 8.2 (AI) | High (AI) | 2025-05-14 |
| CVE-2025-25297 | Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint | label-studio | CWE-918 | 8.6 | High | 2025-02-14 |
| CVE-2025-25296 | Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint | label-studio | CWE-79 | 6.1 | Medium | 2025-02-14 |
| CVE-2025-25295 | Label Studio has a Path Traversal Vulnerability via image Field | label-studio | CWE-22 | 7.5 | - | 2025-02-14 |
| CVE-2024-26152 | Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config | label-studio | CWE-79 | 4.7 | Medium | 2024-02-22 |
| CVE-2023-47116 | Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections | label-studio | CWE-918 | 5.3 | Medium | 2024-01-31 |
| CVE-2024-23633 | Label Studio XSS Vulnerability on Data Import | label-studio | CWE-79 | 4.7 | Medium | 2024-01-23 |
| CVE-2023-47115 | Label Studio XSS Vulnerability on Avatar Upload | label-studio | CWE-79 | 7.1 | High | 2024-01-23 |
| CVE-2023-47117 | Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio | label-studio | CWE-200 | 7.5 | High | 2023-11-13 |
| CVE-2023-43791 | Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens | label-studio | CWE-200 | 9.8 | Critical | 2023-11-09 |

This page lists every published CVE security advisory associated with HumanSignal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.