cvat

Top products

The 15 most recently published vulnerabilities affecting cvat.

• CVE-2026-23526CVAT vulnerable to privilege escalation of users with staff status8.8Jan 21, 2026
• CVE-2026-23516CVAT vulnerable to XSS via skeleton SVG images5.4Jan 21, 2026
• CVE-2025-68430CVAT vulnerable to directory traversal via mounted share listing4.3Dec 19, 2025
• CVE-2025-54573CVAT vulnerable to email verification bypass by use of basic authentication4.3Jul 30, 2025
• CVE-2025-49135CVAT missing validation for in-progress backup upload names6.5Jun 25, 2025
• CVE-2025-48381CVAT has information disclosure via browsable API4.3May 30, 2025
• CVE-2025-23045CVAT allows remote code execution via tracker Nuclio functions9.8Jan 28, 2025
• CVE-2024-47172Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints5.4Sep 30, 2024
• CVE-2024-47064Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints6.1Sep 30, 2024
• CVE-2024-47063Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint6.1Sep 30, 2024
• CVE-2024-45393Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries6.4Sep 10, 2024
• CVE-2024-37306CVAT's export and backup-related API endpoints are susceptible to CSRF7.1Jun 13, 2024
• CVE-2024-37164CVAT SSRF via custom cloud storage endpoints7.1Jun 13, 2024
• CVE-2022-31188Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT)8.6Aug 1, 2022
• CVE-2021-45046Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attackKEV9.0Dec 14, 2021