lunary-ai — Vulnerabilities & Security Advisories (71)

Browse all 71 CVE security advisories affecting lunary-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Lunary-ai operates as an AI observability platform, enabling developers to monitor, debug, and evaluate large language model applications through detailed tracing and analytics. Despite its specialized utility, the software has accumulated 71 recorded Common Vulnerabilities and Exposures, indicating significant historical security gaps. Analysis of these disclosures reveals a prevalence of injection flaws and cross-site scripting vulnerabilities, which often stem from insufficient input validation within its web-based interface. Additionally, several incidents involve broken access control mechanisms, allowing unauthorized users to potentially escalate privileges or access sensitive telemetry data. These recurring issues suggest that security testing may have been deprioritized during rapid feature development. While no massive data breaches have been publicly confirmed, the high volume of CVEs highlights critical weaknesses in authentication and data handling. Organizations utilizing this tool should prioritize patching these known vulnerabilities to mitigate risks associated with exposed application logs and user credentials.

Top products by lunary-ai: lunary-ai/lunary
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-5386 | Account Hijacking via Password Reset Token Leak in lunary-ai/lunary | lunary-ai/lunary | CWE-1125 | 8.1 (AI) | High (AI) | 2026-02-02 |
| CVE-2024-4147 | Insufficient Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-1220 | 4.3 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2025-9803 | Improper Authentication in lunary-ai/lunary | lunary-ai/lunary | CWE-287 | 9.8 (AI) | Critical (AI) | 2025-11-25 |
| CVE-2025-5352 | Environment Variable XSS in Analytics Component in lunary-ai/lunary | lunary-ai/lunary | CWE-79 | 5.4 | - | 2025-08-23 |
| CVE-2025-4962 | IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary | lunary-ai/lunary | CWE-284 | 4.3 (AI) | Medium (AI) | 2025-08-18 |
| CVE-2025-4779 | Stored Cross-site Scripting (XSS) in lunary-ai/lunary | lunary-ai/lunary | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2024-11300 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 6.5 | - | 2025-03-20 |
| CVE-2024-10272 | Broken Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 7.5 | - | 2025-03-20 |
| CVE-2024-8998 | Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary | lunary-ai/lunary | CWE-1333 | 7.5 | - | 2025-03-20 |
| CVE-2025-0281 | Stored Cross-Site Scripting (XSS) in lunary-ai/lunary | lunary-ai/lunary | CWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-9099 | Exposure of Private API Keys in lunary-ai/lunary | lunary-ai/lunary | CWE-1230 | 8.8 | - | 2025-03-20 |
| CVE-2024-8765 | Improper Path Equivalence Resolution in lunary-ai/lunary | lunary-ai/lunary | CWE-41 | 9.4 | - | 2025-03-20 |
| CVE-2024-10330 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 4.3 | - | 2025-03-20 |
| CVE-2024-8789 | Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary | lunary-ai/lunary | CWE-1333 | 7.5 | - | 2025-03-20 |
| CVE-2024-11301 | Improper Enforcement of Unique Constraint in lunary-ai/lunary | lunary-ai/lunary | CWE-837 | 8.2 | - | 2025-03-20 |
| CVE-2024-7476 | Broken Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 6.5 | - | 2025-03-20 |
| CVE-2024-9096 | Improper Authorization in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 4.3 | - | 2025-03-20 |
| CVE-2024-9098 | Privilege Escalation in lunary-ai/lunary | lunary-ai/lunary | CWE-863 | 8.1 | - | 2025-03-20 |
| CVE-2024-8764 | Improper Authorization in lunary-ai/lunary | lunary-ai/lunary | CWE-1333 | 7.5 | - | 2025-03-20 |
| CVE-2024-10762 | Missing Authorization in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 5.4 | - | 2025-03-20 |
| CVE-2024-9000 | Improper Authorization and Duplicate Slug Vulnerability in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 6.5 | - | 2025-03-20 |
| CVE-2024-10275 | Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary | lunary-ai/lunary | CWE-863 | 8.8 | - | 2025-03-20 |
| CVE-2024-10274 | Improper Authorization in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 4.3 | - | 2025-03-20 |
| CVE-2024-11137 | IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 4.3 | - | 2025-03-20 |
| CVE-2024-8763 | Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary | lunary-ai/lunary | CWE-1333 | 7.5 | - | 2025-03-20 |
| CVE-2024-8999 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 5.3 | - | 2025-03-20 |
| CVE-2024-10273 | Improper Privilege Management in lunary-ai/lunary | lunary-ai/lunary | CWE-863 | 6.1 | - | 2025-03-20 |
| CVE-2024-9095 | Improper Authorization in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 8.1 | - | 2025-03-20 |
| CVE-2024-3760 | Email Bombing Vulnerability in lunary-ai/lunary | lunary-ai/lunary | CWE-770 | 7.5 | - | 2024-11-14 |
| CVE-2024-3502 | Exposure of Sensitive Information in lunary-ai/lunary | lunary-ai/lunary | CWE-201 | 6.5 | - | 2024-11-14 |

This page lists every published CVE security advisory associated with lunary-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.