7 matches found
EUVD-2025-7110
Malicious code in bioql PyPI...
CVE-2024-10330
In lunary-ai/lunary version 1.5.6, the /v1/evaluators/ endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data...
CVE-2024-10330
CVE-2024-10330 concerns lunary-ai/lunary v1.5.6 where the /v1/evaluators/ endpoint has improper access control. The documents state that any user associated with a project can fetch all evaluator data regardless of role, enabling low-privilege users to access potentially sensitive evaluation data...
CVE-2024-10330 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.5.6, the /v1/evaluators/ endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data...
Lunary security vulnerability
Lunary is an open-source production toolkit for LLMs from Lunary. A security vulnerability exists in Lunary versions prior to 1.5.9, which stems from a security issue in the /v1/evaluators/ endpoint, and can be exploited by an attacker to delete evaluator data, resulting in permanent data loss and potentia...
PT-2025-12064 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions prior to 1.5.9 Description: The issue concerns a lack of proper access control in the /v1/evaluators/ endpoint, allowing low-privilege users to delete evaluator data by sending a DELETE request. This can cause...
PT-2025-12036 · Unknown · Lunary-Ai/Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.5.6 Description: The issue concerns a lack of proper access control in the "/v1/evaluators/" endpoint, allowing any user associated with a project to fetch all evaluator data regardless of their role. This permits...