lunary-ai — Vulnerabilities & Security Advisories 71

Browse all 71 CVE security advisories affecting lunary-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Lunary-ai operates as an AI observability platform, enabling developers to monitor, debug, and evaluate large language model applications through detailed tracing and analytics. Despite its specialized utility, the software has accumulated 71 recorded Common Vulnerabilities and Exposures, indicating significant historical security gaps. Analysis of these disclosures reveals a prevalence of injection flaws and cross-site scripting vulnerabilities, which often stem from insufficient input validation within its web-based interface. Additionally, several incidents involve broken access control mechanisms, allowing unauthorized users to potentially escalate privileges or access sensitive telemetry data. These recurring issues suggest that security testing may have been deprioritized during rapid feature development. While no massive data breaches have been publicly confirmed, the high volume of CVEs highlights critical weaknesses in authentication and data handling. Organizations utilizing this tool should prioritize patching these known vulnerabilities to mitigate risks associated with exposed application logs and user credentials.

Top products by lunary-ai: lunary-ai/lunary
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-3501 | Exposure of Sensitive Information in lunary-ai/lunary | lunary-ai/lunary | CWE-922 | 9.1 | - | 2024-11-14 |
| CVE-2024-3379 | Incorrect Authorization in lunary-ai/lunary | lunary-ai/lunary | CWE-863 | 7.1 | - | 2024-11-14 |
| CVE-2024-7456 | SQL Injection in lunary-ai/lunary | lunary-ai/lunary | CWE-89 | 9.8 (AI) | Critical (AI) | 2024-11-01 |
| CVE-2024-7472 | Email Injection Vulnerability in lunary-ai/lunary | lunary-ai/lunary | CWE-93 | 5.3 (AI) | Medium (AI) | 2024-10-29 |
| CVE-2024-7473 | IDOR Vulnerability in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 4.3 (AI) | Medium (AI) | 2024-10-29 |
| CVE-2024-7474 | IDOR in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 7.1 (AI) | High (AI) | 2024-10-29 |
| CVE-2024-7475 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 7.5 (AI) | High (AI) | 2024-10-29 |
| CVE-2024-6862 | Cross-Site Request Forgery (CSRF) in lunary-ai/lunary | lunary-ai/lunary | CWE-352 | 8.8 (AI) | High (AI) | 2024-09-13 |
| CVE-2024-6867 | Information Disclosure in lunary-ai/lunary | lunary-ai/lunary | CWE-1220 | 4.3 (AI) | Medium (AI) | 2024-09-13 |
| CVE-2024-6087 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 8.8 (AI) | High (AI) | 2024-09-13 |
| CVE-2024-6582 | Broken Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-306 | 6.1 (AI) | Medium (AI) | 2024-09-13 |
| CVE-2024-6086 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-863 | 4.3 (AI) | Medium (AI) | 2024-06-27 |
| CVE-2024-5755 | Email Validation Bypass in lunary-ai/lunary | lunary-ai/lunary | CWE-821 | 5.3 (AI) | Medium (AI) | 2024-06-27 |
| CVE-2024-5714 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-863 | 8.8 (AI) | High (AI) | 2024-06-27 |
| CVE-2024-5389 | Insufficient Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-1220 | 4.3 | - | 2024-06-09 |
| CVE-2024-4146 | Incorrect Authorization in lunary-ai/lunary | lunary-ai/lunary | CWE-863 | 9.8 | Critical | 2024-06-08 |
| CVE-2024-5328 | SSRF Vulnerability in lunary-ai/lunary | lunary-ai/lunary | CWE-918 | 9.8 (AI) | Critical (AI) | 2024-06-06 |
| CVE-2024-5248 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 4.3 (AI) | Medium (AI) | 2024-06-06 |
| CVE-2024-5130 | Incorrect Authorization in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 5.3 (AI) | Medium (AI) | 2024-06-06 |
| CVE-2024-5131 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 4.3 (AI) | Medium (AI) | 2024-06-06 |
| CVE-2024-5129 | Privilege Escalation Vulnerability in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 8.1 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-5133 | Account Takeover via Exposed Recovery Token in lunary-ai/lunary | lunary-ai/lunary | CWE-200 | 8.0 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-5478 | Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary | lunary-ai/lunary | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-06-06 |
| CVE-2024-5126 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 4.3 (AI) | Medium (AI) | 2024-06-06 |
| CVE-2024-5128 | IDOR Vulnerability in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 7.6 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-3504 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-863 | 4.9 (AI) | Medium (AI) | 2024-06-06 |
| CVE-2024-5277 | Weak Password Recovery Mechanism in lunary-ai/lunary | lunary-ai/lunary | CWE-640 | 9.8 (AI) | Critical (AI) | 2024-06-06 |
| CVE-2024-5127 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | CWE-862 | 8.1 (AI) | High (AI) | 2024-06-06 |
| CVE-2024-4148 | Redos (Regular Expression Denial of Service) in lunary-ai/lunary | lunary-ai/lunary | CWE-1333 | 7.5 | - | 2024-06-01 |
| CVE-2024-4154 | Incorrect Synchronization in lunary-ai/lunary | lunary-ai/lunary | CWE-639 | 7.1 (AI) | High (AI) | 2024-05-21 |

This page lists every published CVE security advisory associated with lunary-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.