apk package
chainguard/label-studio
pkg:apk/chainguard/label-studio
Vulnerabilities (36)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44660 | Hig | 7.5 | < 1.23.0-r5 | 1.23.0-r5 | May 27, 2026 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each fa | |
| CVE-2026-44432 | Hig | 7.5 | < 1.23.0-r5 | 1.23.0-r5 | May 13, 2026 | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w | |
| CVE-2026-44431 | Med | 5.3 | < 1.23.0-r5 | 1.23.0-r5 | May 13, 2026 | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0. | |
| CVE-2026-41066 | Hig | 7.5 | < 1.23.0-r4 | 1.23.0-r4 | Apr 24, 2026 | lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolv | |
| CVE-2026-39892 | Cri | 9.8 | < 1.23.0-r3 | 1.23.0-r3 | Apr 8, 2026 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulner | |
| CVE-2026-4292 | Low | 2.7 | < 1.23.0-r3 | 1.23.0-r3 | Apr 7, 2026 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3. | |
| CVE-2026-4277 | Cri | 9.8 | < 1.23.0-r3 | 1.23.0-r3 | Apr 7, 2026 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2 | |
| CVE-2026-3902 | Hig | 7.5 | < 1.23.0-r3 | 1.23.0-r3 | Apr 7, 2026 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores. Earlie | |
| CVE-2026-33034 | Hig | 7.5 | < 1.23.0-r3 | 1.23.0-r3 | Apr 7, 2026 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading `HttpRequest.body`, allowing remote attackers to load an | |
| CVE-2026-33033 | Med | 6.5 | < 1.23.0-r3 | 1.23.0-r3 | Apr 7, 2026 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace. Earlier, unsupported Dj | |
| CVE-2026-25645 | — | < 1.23.0-r1 | 1.23.0-r1 | Mar 25, 2026 | Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without valid | ||
| CVE-2026-4539 | Low | 3.3 | < 1.23.0-r2 | 1.23.0-r2 | Mar 22, 2026 | A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit | |
| CVE-2026-33231 | — | < 1.23.0-r1 | 1.23.0-r1 | Mar 20, 2026 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet B | ||
| CVE-2026-33230 | — | < 1.23.0-r1 | 1.23.0-r1 | Mar 20, 2026 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the `looku | ||
| CVE-2026-30922 | Hig | 7.5 | < 1.23.0-r1 | 1.23.0-r1 | Mar 18, 2026 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousa | |
| CVE-2026-32597 | Hig | 7.5 | < 1.23.0-r0 | 1.23.0-r0 | Mar 13, 2026 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token i | |
| CVE-2026-32274 | — | < 1.23.0-r0 | 1.23.0-r0 | Mar 12, 2026 | Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker wh | ||
| CVE-2026-28350 | — | < 1.22.0-r7 | 1.22.0-r7 | Mar 5, 2026 | lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for < | ||
| CVE-2026-28348 | — | < 1.22.0-r7 | 1.22.0-r7 | Mar 5, 2026 | lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import | ||
| CVE-2026-25674 | — | < 1.22.0-r7 | 1.22.0-r7 | Mar 3, 2026 | An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, w |
- affected < 1.23.0-r5fixed 1.23.0-r5
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each fa
- affected < 1.23.0-r5fixed 1.23.0-r5
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w
- affected < 1.23.0-r5fixed 1.23.0-r5
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
- affected < 1.23.0-r4fixed 1.23.0-r4
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolv
- affected < 1.23.0-r3fixed 1.23.0-r3
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulner
- affected < 1.23.0-r3fixed 1.23.0-r3
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.
- affected < 1.23.0-r3fixed 1.23.0-r3
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2
- affected < 1.23.0-r3fixed 1.23.0-r3
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores. Earlie
- affected < 1.23.0-r3fixed 1.23.0-r3
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when reading `HttpRequest.body`, allowing remote attackers to load an
- affected < 1.23.0-r3fixed 1.23.0-r3
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace. Earlier, unsupported Dj
- CVE-2026-25645Mar 25, 2026affected < 1.23.0-r1fixed 1.23.0-r1
Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without valid
- affected < 1.23.0-r2fixed 1.23.0-r2
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit
- CVE-2026-33231Mar 20, 2026affected < 1.23.0-r1fixed 1.23.0-r1
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet B
- CVE-2026-33230Mar 20, 2026affected < 1.23.0-r1fixed 1.23.0-r1
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the `looku
- affected < 1.23.0-r1fixed 1.23.0-r1
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousa
- affected < 1.23.0-r0fixed 1.23.0-r0
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token i
- CVE-2026-32274Mar 12, 2026affected < 1.23.0-r0fixed 1.23.0-r0
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker wh
- CVE-2026-28350Mar 5, 2026affected < 1.22.0-r7fixed 1.22.0-r7
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <
- CVE-2026-28348Mar 5, 2026affected < 1.22.0-r7fixed 1.22.0-r7
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import
- CVE-2026-25674Mar 3, 2026affected < 1.22.0-r7fixed 1.22.0-r7
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, w
Page 1 of 2