label-studio

PyPI

Is label-studio safe to use?

Based on the latest brin safety scan, no vulnerabilities or threats were detected for label-studio v1.22.0. Trust score: 80/100. 1 known CVE, no detected threat patterns, and no suspicious capabilities identified. This is an automated, point-in-time assessment.


label-studio Passed Security Checks

No security concerns detected

clean
CVEs

1

Threats

0

Install Scripts

0

Risk Indicators

  • GHSA-2mq9-hm29-8qch: UNKNOWN

label-studio CVE Vulnerabilities (1)

Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

No Concerns Detected

No security concerns detected in the latest brin assessment. This is an automated, point-in-time evaluation — security posture may change.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

label-studio Capabilities & Permissions

What label-studio can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

*.analytics.google.com, *.g.double, *.google-analytics.com, *.google.com, *.googletagmanager.com, *.ingest.sentry.io, 0.0.0.0, 10.0.0.0, 10.255.255.255, 127.0.0.0, +49 more
Protocols: http, https, tcp

Filesystem Access

Reads and writes to the filesystem.

/etc/ (rw), .env (rw), .env (rw), .env (rw), .env (rw), .env (rw), /etc/ (rw), .env (rw), +7 more

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SECURITY_TOKEN, AWS_SESSION_TOKEN, AZURE_BLOB_ACCOUNT_KEY, AZURE_BLOB_ACCOUNT_NAME, BRANCH_OVERRIDE, CONTENT_LENGTH, DJANGO_ALLOW_ASYNC_UNSAFE, HOSTNAME, +8 more

Native Modules

Contains native code that runs outside the JavaScript sandbox.

numpy, pandas

AGENTS.md for label-studio

Good instructions lead to good results. brin adds label-studio documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init


label-studio Documentation & Source Code

For the full label-studio README, API documentation, and source code, visit the official package registry.


Weekly Downloads

N/A

Version

1.22.0

License

Apache-2.0

Last Scanned

Feb 12, 2026

Trust Score

80/100 · Legitimacy signals, not safety
