Cvat

by Cvat AI

CVEs (17)

  • CVE-2026-44369 · High · May 13, 2026
    risk 0.48 · cvss · epss 0.00

    CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens…

  • CVE-2025-64485 · Med · Nov 8, 2025
    risk 0.34 · cvss · epss 0.00

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file…

  • CVE-2026-23526 · Jan 21, 2026
    risk 0.00 · cvss · epss 0.00

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives…

  • CVE-2026-23516 · Jan 21, 2026
    risk 0.00 · cvss · epss 0.00

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in…

  • CVE-2025-68430 · Dec 19, 2025
    risk 0.00 · cvss · epss 0.00

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed…

  • CVE-2025-54573 · Jul 30, 2025
    risk 0.00 · cvss · epss 0.00

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the…

  • CVE-2025-49135 · Jun 25, 2025
    risk 0.00 · cvss · epss 0.00

    CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded…

  • CVE-2025-48381 · May 30, 2025
    risk 0.00 · cvss · epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all…

  • CVE-2025-23045 · Jan 28, 2025
    risk 0.00 · cvss · epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT…

  • CVE-2024-47172 · Sep 30, 2024
    risk 0.00 · cvss · epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in…

  • CVE-2024-47064 · Sep 30, 2024
    risk 0.00 · cvss · epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the…

  • CVE-2024-47063 · Sep 30, 2024
    risk 0.00 · cvss · epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL,…

  • CVE-2024-45393 · Sep 10, 2024
    risk 0.00 · cvss · epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each…

  • CVE-2024-37306 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export…

  • CVE-2024-37164 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an…

  • CVE-2022-27234 · Feb 16, 2023
    risk 0.00 · cvss · epss 0.00

    Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

  • CVE-2022-31188 · Aug 1, 2022
    risk 0.00 · cvss · epss 0.48

    CVAT is an open source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a server-side request forgery (SSRF) vulnerability. Validation has been added to URLs used in the affected code path in version 2.0.0. Users…