Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

cvat-ai — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting cvat-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVAT-AI is an open-source computer annotation tool primarily used for labeling visual data in machine learning pipelines. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting attacks, and privilege escalation flaws, with 15 CVEs documented to date. The platform's web interface and API have been frequent attack vectors due to insufficient input validation and authentication bypasses. While no major public security incidents have been reported, the consistent discovery of critical vulnerabilities suggests ongoing security challenges for organizations deploying this tool in production environments.

Top products by cvat-ai: cvat
CVE IDTitleCVSSSeverityPublished
CVE-2026-23526 CVAT vulnerable to privilege escalation of users with staff status — cvatCWE-267 6.5AIMediumAI2026-01-21
CVE-2026-23516 CVAT vulnerable to XSS via skeleton SVG images — cvatCWE-83 6.5AIMediumAI2026-01-21
CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing — cvatCWE-24 4.3AIMediumAI2025-12-19
CVE-2025-64485 CVAT: Mounted share file overwrite via crafted request — cvatCWE-22 7.1 -2025-11-07
CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication — cvatCWE-287 4.3 Medium2025-07-30
CVE-2025-49135 CVAT missing validation for in-progress backup upload names — cvatCWE-639 6.5AIMediumAI2025-06-25
CVE-2025-48381 CVAT has information disclosure via browsable API — cvatCWE-201 4.3AIMediumAI2025-05-30
CVE-2025-23045 CVAT allows remote code execution via tracker Nuclio functions — cvatCWE-502 8.8 -2025-01-28
CVE-2024-47172 Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints — cvatCWE-863 5.4 Medium2024-09-30
CVE-2024-47064 Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints — cvatCWE-79 6.5 -2024-09-30
CVE-2024-47063 Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint — cvatCWE-79 6.5 -2024-09-30
CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries — cvatCWE-862 6.4 Medium2024-09-10
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF — cvatCWE-352 7.1 High2024-06-13
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints — cvatCWE-918 7.1 High2024-06-13
CVE-2022-31188 Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT) — cvatCWE-918 8.6 High2022-08-01

This page lists every published CVE security advisory associated with cvat-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.