Vulnerabilities > Lunary > Lunary > 1.3.0

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-11300 Unspecified vulnerability in Lunary
In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user.
network
low complexity
lunary
6.5
6.5
2025-03-20 CVE-2024-8998 Unspecified vulnerability in Lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845.
network
low complexity
lunary
7.5
7.5
2025-03-20 CVE-2024-8999 Improper Access Control vulnerability in Lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint.
network
low complexity
lunary CWE-284
7.5
7.5
2025-03-20 CVE-2024-9098 Improper Access Control vulnerability in Lunary
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources.
network
low complexity
lunary CWE-284
6.1
6.1
2025-03-20 CVE-2025-0281 Cross-site Scripting vulnerability in Lunary
A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier.
network
low complexity
lunary CWE-79
5.4
5.4
2024-10-29 CVE-2024-7474 Unspecified vulnerability in Lunary
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists.
network
low complexity
lunary
8.1
8.1
2024-10-29 CVE-2024-7475 Unspecified vulnerability in Lunary
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization.
network
low complexity
lunary
critical
 9.1
9.1
2024-09-13 CVE-2024-6087 Unspecified vulnerability in Lunary
An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch.
network
low complexity
lunary
6.5
6.5
2024-09-13 CVE-2024-6582 Missing Authentication for Critical Function vulnerability in Lunary
A broken access control vulnerability exists in the latest version of lunary-ai/lunary.
network
low complexity
lunary CWE-306
4.3
4.3
2024-06-06 CVE-2024-5248 Unspecified vulnerability in Lunary
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint.
network
low complexity
lunary
6.5
6.5