Albumentations
General Information
| Field | Value |
|---|---|
| Package Name | albumentations |
| Manufacturer / Vendor | Vladimir Iglovikov / albumentations-team and contributors |
| Software Category | Library |
| Primary Documentation | Documentation, GitHub, PyPI |
| Programming Language(s) | Python |
| License | MIT License |
| Deployed Version(s) | >=1.4.0, >=2.0.0 (version-locked at 2.0.8) |
| Most Recent Available Version | 2.0.8 |
| Last Review Date | 2026-01-26 |
Overview
Albumentations is a fast and flexible image augmentation library for deep learning and computer vision applications. The library provides over 70 high-quality image transforms with a unified API supporting images, masks, bounding boxes, keypoints, and volumetric data. It is benchmarked as one of the fastest augmentation libraries available and is widely adopted in the computer vision community (15.3k+ GitHub stars).
Within the medical device software, albumentations serves as the standardized image preprocessing layer for AI inference pipelines. The library is integrated into the legithp-expert framework through the computer_vision and segmentation optional dependencies, enabling consistent preprocessing across all AI expert microservices. Specifically, albumentations is used for:
- Deterministic inference preprocessing: Building reproducible preprocessing pipelines that exactly match the data science team's training-time preprocessing, ensuring model inference accuracy
- Geometric normalization: Resizing images to fixed input dimensions using aspect-ratio-preserving transforms (
LongestMaxSize,SmallestMaxSize) combined with padding (PadIfNeeded) or cropping (CenterCrop) strategies - Intensity normalization: Standardizing pixel values using ImageNet-derived mean and standard deviation parameters via the
Normalizetransform - PyTorch tensor conversion: Converting preprocessed NumPy arrays to PyTorch tensors using the
ToTensorV2transform
The library was selected for its performance optimization (C-accelerated transforms), comprehensive transform coverage, consistent API across different preprocessing strategies, strong compatibility with PyTorch workflows, and permissive MIT licensing suitable for commercial medical device software.
Functional Requirements
The following functional capabilities of this SOUP are relied upon by the medical device software.
| Requirement ID | Description | Source / Reference |
|---|---|---|
| FR-001 | Compose multiple transforms into a sequential preprocessing pipeline | albumentations.Compose class |
| FR-002 | Resize images by longest edge while preserving aspect ratio | albumentations.LongestMaxSize transform |
| FR-003 | Resize images by shortest edge while preserving aspect ratio | albumentations.SmallestMaxSize transform |
| FR-004 | Pad images to minimum dimensions with configurable border mode and fill value | albumentations.PadIfNeeded transform |
| FR-005 | Center-crop images to specified dimensions | albumentations.CenterCrop transform |
| FR-006 | Normalize image pixel values using mean and standard deviation parameters | albumentations.Normalize transform |
| FR-007 | Convert NumPy arrays to PyTorch tensors with channel-first ordering (C, H, W) | albumentations.pytorch.ToTensorV2 transform |
| FR-008 | Support simultaneous transformation of images and segmentation masks with consistent geometry | fill_mask parameter in geometric transforms |
Performance Requirements
The following performance expectations are relevant to the medical device software.
| Requirement ID | Description | Acceptance Criteria |
|---|---|---|
| PR-001 | Image preprocessing shall complete within acceptable API latency bounds | Preprocessing completes within overall request timeout |
| PR-002 | Memory allocation shall be proportional to image dimensions | No memory leaks during repeated preprocessing operations |
| PR-003 | Transform pipeline execution shall be deterministic for inference use | Identical inputs produce identical outputs (p=1.0 default) |
Hardware Requirements
The following hardware dependencies or constraints are imposed by this SOUP component.
| Requirement ID | Description | Notes / Limitations |
|---|---|---|
| HR-001 | Sufficient system memory for image pixel data | Memory requirements scale with image resolution (width x height x channels) |
| HR-002 | x86-64 or ARM64 processor architecture | Pre-built wheels available for common platforms |
Software Requirements
The following software dependencies and environmental assumptions are required by this SOUP component.
| Requirement ID | Description | Dependency / Version Constraints |
|---|---|---|
| SR-001 | Python runtime environment | Python >=3.9 |
| SR-002 | NumPy for array operations and image representation | numpy (bundled dependency) |
| SR-003 | OpenCV for image processing operations | opencv-python-headless (bundled dependency) |
| SR-004 | albucore for core transform implementations | albucore >=0.0.24 (bundled dependency) |
| SR-005 | PyTorch for tensor conversion (optional pytorch extra) | torch (required for ToTensorV2) |
Known Anomalies Assessment
This section evaluates publicly reported issues, defects, or security vulnerabilities associated with this SOUP component and their relevance to the medical device software.
| Anomaly Reference | Status | Applicable | Rationale | Reviewed At |
|---|---|---|---|---|
| Repository archived (July 2025) | Archived | No | The library is feature-complete for the device's inference preprocessing needs. Version 2.0.8 is stable and locked. No training-time augmentation features requiring active updates are used | 2026-01-26 |
| NumPy CVE-2025-47273 (arbitrary code execution) | Fixed | No | Affects NumPy versions prior to security patches; the device uses version-constrained NumPy dependencies that include security fixes | 2026-01-26 |
As of the review date, no security vulnerabilities have been reported in the National Vulnerability Database (NVD) or GitHub Security Advisories specifically for the albumentations package. According to Snyk's security analysis, the package has been scanned and no known vulnerabilities have been identified (health score: 64/100). The primary maintenance concern is the archived repository status; however, this does not impact the device's use case.
The device's usage pattern minimizes risk exposure:
- Inference-only preprocessing: The device uses albumentations exclusively for deterministic inference preprocessing, not for training-time data augmentation. This means no stochastic transforms, random seeds, or augmentation variations are applied, eliminating potential sources of non-deterministic behavior
- Limited transform surface: Only six transforms are used:
Compose,LongestMaxSize,SmallestMaxSize,PadIfNeeded,CenterCrop,Normalize, andToTensorV2. No experimental, deprecated, or complex transforms are utilized - Version locking: Requirements lock files pin albumentations to version 2.0.8 with corresponding albucore 0.0.24, ensuring reproducible and auditable deployments
- No external data loading: All transforms operate on internally validated image data; no file paths, URLs, or external resources are passed to albumentations functions
- Deterministic execution: All transform probabilities are set to 1.0 (default), ensuring deterministic preprocessing behavior
Risk Control Measures
The following risk control measures are implemented to mitigate potential security and operational risks associated with this SOUP component:
- Version locking via requirements_lock.txt files ensures reproducible deployments
- Only deterministic preprocessing transforms are used (no stochastic augmentation)
- All image data is validated before preprocessing
- Underlying NumPy and OpenCV versions are maintained with security patches
Assessment Methodology
Known anomalies were identified and assessed using the following methodology:
-
Sources consulted:
- National Vulnerability Database (NVD) search for "albumentations"
- GitHub Security Advisories for the albumentations-team/albumentations repository
- Snyk vulnerability database for package security analysis
- PyPI package security reports
- Dependency vulnerability scanners (pip-audit, safety)
- NumPy and OpenCV security advisories (as primary dependencies)
-
Criteria for determining applicability:
- Vulnerability must affect deployed version (2.0.8)
- Vulnerability must be exploitable in the device's inference preprocessing context
- Vulnerability must impact the specific transforms used (
Compose,LongestMaxSize,SmallestMaxSize,PadIfNeeded,CenterCrop,Normalize,ToTensorV2)
Signature meaning
The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:
- Author: Team members involved
- Reviewer: JD-003, JD-004
- Approver: JD-001