PT-2025-45606
Name of the Vulnerable Software and Affected Versions: Looker Studio versions prior to 21 July 2025. Description: A SQL injection issue exists in Looker Studio. A user with report view access can inject malicious SQL code that is executed with the permissions of the report owner. This affects report...
EUVD-2024-2158
Malicious code in bioql PyPI...
EUVD-2021-9708
Malicious code in bioql PyPI...
EUVD-2025-6876
Malicious code in bioql PyPI...
security-analytics
This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and detecting threats, which may assist detection engineers, threat hunters,...
threat-detection-as-code
This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. The...
CVE-2024-35189
Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data, e.g. passwords, private keys, etc. These secrets are stored encrypted at rest in the...
lunary authorization issue vulnerability (CNVD-2025-07598)
lunary is an open-source production toolkit for LLMs from Lunary. An authorization issue vulnerability exists in lunary that stems from the /bigquery API route lacking proper access control. No detailed vulnerability details are provided at this time...
CVE-2024-8999
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-8999 Improper Access Control in lunary-ai/lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-8999
Lunary (lunary-ai/lunary) v1.4.25 contains an improper access control vulnerability in POST /api/v1/data-warehouse/bigquery, allowing unauthenticated/export of the entire database to Google BigQuery. Root cause: insufficient access checks on the data-warehouse/bigquery endpoint. Impact is high (c...
CVE-2024-9095
CVE-2024-9095 affects lunary-ai/lunary v1.4.28. The exposed /bigquery API route allows any logged-in user to create a Datastream to Google BigQuery and export the entire database, including sensitive data such as password hashes and secret API keys. The route is guarded by a config flag (config.D...
CVE-2024-9095 Improper Authorization in lunary-ai/lunary
In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. This includes sensitive data such as password hashes and secret API keys. The route is protected by a...
Lunary authorization issue vulnerability
lunary is an open-source production toolkit for LLMs from Lunary. An authorization issue vulnerability exists in lunary that stems from the /bigquery API route lacking proper access control. No detailed vulnerability details are provided at this time...
Lunary access control error vulnerability
Lunary is an open-source production toolkit for LLMs from Lunary. Lunary suffers from an access control error vulnerability that originates from the POST /api/v1/data-warehouse/bigquery endpoint lacking proper access control, which can be exploited by an attacker to obtain sensitive information...
com.github.nbbrd.sdmx-dl:sdmx-dl-grpc (=3.0.0-beta.12), com.github.rebue.wheel:wheel-vertx (>=2.2.9 <=2.2.12) +173 more potentially affected by CVE-2024-8391 via io.vertx:vertx-grpc-server (>=4.3.0 <=4.5.1)
io.vertx:vertx-grpc-server MAVEN version =4.3.0, =2.2.9, =0.30.0, =0.21.0, =2.8.0, =0.2.0, =0.0.7, =0.0.7, =0.0.7, =2.7.0, =2.7.0, =2.7.0, =1.0.4, =1.0.4, =1.3.0, =2.7.0 and more. Source CVEs: CVE-2024-8391. Source advisory: OSV:GHSA-G76F-GJFX-4RPR https://vulners.com/osv/OSV:GHSA-G...
Sensitive Information Disclosure
ethycafides is vulnerable to Information Disclosure. The vulnerability is due to improper masking of nested sensitive fields such as privatekey in the BigQuery connection configuration, which allows an attacker to expose the sensitive fields in plaintext via certain API endpoints...
GHSA-RCVG-JJ3G-RJ7C Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data, e.g. passwords, private keys, etc. These secrets are stored encrypted at rest in the application database, and the associated endpoints are no...