6 matches found

CVE
added 2025/11/25 12:0 a.m., 18 views

CVE-2025-9803

CVE-2025-9803 affects lunary-ai/lunary version 1.9.34, where the Google OAuth integration fails to verify the aud (audience) field in the Google access token. This allows tokens issued to malicious apps to be accepted, potentially enabling account takeover. The vulnerability is mitigated in versi...

CVSS 9.3 | AI score 6.9 | EPSS 0.00088
Exploits: 2 | References: 2 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-17365

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00096
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-46554

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 8.8 | EPSS 0.00269
Exploits: 1 | References: 1
NVD
added 2025/08/18 2:15 p.m., 4 views

CVE-2025-4962

An Insecure Direct Object Reference (IDOR) vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...

CVSS 7.7 | EPSS 0.00047
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 6:20 a.m., 6 views

CVE-2024-5328

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An...

CVSS 9.3 | AI score 9 | EPSS 0.00269
Exploits: 1 | References: 1
OSV
added 2024/06/01 4:15 p.m., 4 views

CVE-2024-4148

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially...

CVSS 7.5 | AI score 6.8 | EPSS 0.00127
Exploits: 1 | References: 2