cvat-ai — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting cvat-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by cvat-ai: cvat

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-23526 | CVAT vulnerable to privilege escalation of users with staff status | cvat | CWE-267 | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-23516 | CVAT vulnerable to XSS via skeleton SVG images | cvat | CWE-83 | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2025-68430 | CVAT vulnerable to directory traversal via mounted share listing | cvat | CWE-24 | 4.3 (AI) | Medium (AI) | 2025-12-19 |
| CVE-2025-64485 | CVAT: Mounted share file overwrite via crafted request | cvat | CWE-22 | 7.1 | - | 2025-11-07 |
| CVE-2025-54573 | CVAT vulnerable to email verification bypass by use of basic authentication | cvat | CWE-287 | 4.3 | Medium | 2025-07-30 |
| CVE-2025-49135 | CVAT missing validation for in-progress backup upload names | cvat | CWE-639 | 6.5 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-48381 | CVAT has information disclosure via browsable API | cvat | CWE-201 | 4.3 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-23045 | CVAT allows remote code execution via tracker Nuclio functions | cvat | CWE-502 | 8.8 | - | 2025-01-28 |
| CVE-2024-47172 | Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints | cvat | CWE-863 | 5.4 | Medium | 2024-09-30 |
| CVE-2024-47064 | Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints | cvat | CWE-79 | 6.5 | - | 2024-09-30 |
| CVE-2024-47063 | Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint | cvat | CWE-79 | 6.5 | - | 2024-09-30 |
| CVE-2024-45393 | Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries | cvat | CWE-862 | 6.4 | Medium | 2024-09-10 |
| CVE-2024-37306 | CVAT's export and backup-related API endpoints are susceptible to CSRF | cvat | CWE-352 | 7.1 | High | 2024-06-13 |
| CVE-2024-37164 | CVAT SSRF via custom cloud storage endpoints | cvat | CWE-918 | 7.1 | High | 2024-06-13 |
| CVE-2022-31188 | Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT) | cvat | CWE-918 | 8.6 | High | 2022-08-01 |

This page lists every published CVE security advisory associated with cvat-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.