Lua

by DEVCOMv5.4.6

Last updated Jun 8, 2026

Lua is a powerful, efficient, lightweight, embeddable scripting language. LuaRocks is the package manager for Lua modules.

Visit homepage

Install with winget

$ winget install --id DEVCOM.Lua --exact --version 5.4.6

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Lua

Lua uses MSI (WiX). The silent install switches are /quiet /norestart.

One-line silent install (x64)

msiexec.exe /i Lua-5.4.6-win64.msi /quiet /norestart

See the full silent install reference for Lua →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v5.4.6

Architecture	Type	Scope	Install	Download
x64	MSI WiX	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

13 known CVEs via NVD

high7.5Patched in wingetCVE-2021-45985affects before 5.4.4Apr 9, 2023
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Patch Vendor advisory
high7.5Patched in wingetCVE-2022-33099affects >=5.4.2 and <=5.4.4Jul 1, 2022
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
Patch Vendor advisory
critical9.1Patched in wingetCVE-2022-28805affects before 5.4.5Apr 7, 2022
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Patch
medium6.3Patched in wingetCVE-2021-44964affects >=5.4.0 and <=5.4.3Mar 14, 2022
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Vendor advisory
medium5.5Patched in wingetCVE-2021-44647affects v5.4.3Jan 11, 2022
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Patch Vendor advisory
medium5.5Patched in wingetCVE-2021-43519affects before 5.3.5, 5.4.4Nov 9, 2021
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Patch Vendor advisory
medium5.3Patched in wingetCVE-2020-24371affects v5.4.0Aug 17, 2020
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Patch Vendor advisory
medium5.3Patched in wingetCVE-2020-24370affects v5.3.0Aug 17, 2020
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Patch Vendor advisory

Showing 8 of 13. Source: NVD, updated just now. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

J
JetBrainsMono Nerd FontDEVCOM
DEVCOM.JetBrainsMonoNerdFontv3.3.0
JetBrains Mono – the free and open-source typeface for developers
L
LuaJITDEVCOM
DEVCOM.LuaJITv2.1.19907
LuaJIT is a Just-In-Time (JIT) compiler for the Lua programming language.
Apache JMeterDEVCOM
DEVCOM.JMeterv5.6.3
The Apache JMeter application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance.
Claude CodeAnthropic PBC
Anthropic.ClaudeCodev2.1.175
Unleash Claude’s raw power directly in your terminal. Search million-line codebases instantly. Turn hours-long workflows into a single command. Your tools. Your workflow. Your codebase, evolving at thought speed.
AntigravityGoogle
Google.Antigravityv2.0.11
Experience liftoffwith the next-gen agent platform
Python 3.12Python Software Foundation
Python.Python.3.12v3.12.10
Python is a programming language that lets you work more quickly and integrate your systems more effectively.

More from DEVCOM or browse language, programming, programming-language.

Frequently asked questions

How do I install Lua on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id DEVCOM.Lua --exact --version 5.4.6. winget downloads the installer from DEVCOM and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Lua silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id DEVCOM.Lua --exact 5.4.6 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Lua?

Lua uses MSI (WiX). Run the downloaded installer with: msiexec.exe /i Lua-5.4.6-win64.msi /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Lua via winget?

Run: winget uninstall --id DEVCOM.Lua --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Lua's Apps & Features entry.

Is Lua free?

Lua is distributed under MIT. Refer to the publisher (https://github.com/DevelopersCommunity/cmake-lua) for the full license terms - Wingetly itself does not charge for installation.

Does Lua work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Lua directly from the publisher.

How do I keep Lua up to date?

Run winget upgrade --id DEVCOM.Lua --exact, or winget upgrade --all to update everything winget tracks. We index 3 versions of Lua from microsoft/winget-pkgs.

Recent versions

5.4.6latest
5.4.5
5.4.4