6 matches found
EUVD-2024-32088
Malicious code in bioql PyPI...
PT-2025-12033 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version latest Description: The issue allows an attacker to view the content of any dataset without authorization by sending a GET request to the "/v1/datasets" endpoint without a valid authorization token. Recommendations: F...
PT-2024-26293 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.5 Description: An information disclosure issue exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This occurs when authenticated users inspect...
GHSA-W73R-8MM4-CFVF Withdrawn Advisory: Lunary Improper Authentication vulnerability
Withdrawn Advisory: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. Original Advisory: A broken access control vulnerability exists prior to commit 1f043d8798ad87346dfe378eea723bff78ad7433 of lunary-ai/lunary. The saml.ts file allows...
PT-2024-37377 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions prior to commit 844e8855c7a713dc7371766dba4125de4007b1cf Description: An improper access control issue exists, allowing attackers to use auth tokens from the 'invite user' functionality to obtain valid JWT tokens...
PT-2024-18266 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.0.1 Description: The issue allows removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform...