GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5 advisories
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
Moderate
CVE-2025-25296
was published
for
label-studio
(pip)
Feb 14, 2025
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
High
CVE-2025-25297
was published
for
label-studio
(pip)
Feb 14, 2025
Label Studio has a Path Traversal Vulnerability via image Field
High
CVE-2025-25295
was published
for
label-studio-sdk
(pip)
Feb 14, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header
Critical
GHSA-c2p2-hgjg-9r3f
was published
for
islandora/crayfish
(Composer)
Feb 12, 2025
S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends
Moderate
CVE-2025-24961
was published
for
org.gaul:s3proxy
(Maven)
Feb 3, 2025
ProTip!
Advisories are also available from the
GraphQL API