Vulnerabilities > Lunary > Lunary > 1.4.13

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-11300 Unspecified vulnerability in Lunary
In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user.
network
low complexity
lunary
6.5
2025-03-20 CVE-2024-8998 Unspecified vulnerability in Lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845.
network
low complexity
lunary
7.5
2025-03-20 CVE-2024-8999 Improper Access Control vulnerability in Lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint.
network
low complexity
lunary CWE-284
7.5
2025-03-20 CVE-2024-9098 Improper Access Control vulnerability in Lunary
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources.
network
low complexity
lunary CWE-284
6.1
2025-03-20 CVE-2025-0281 Cross-site Scripting vulnerability in Lunary
A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier.
network
low complexity
lunary CWE-79
5.4