Aimhubio Aim vulnerabilities
3 known vulnerabilities affecting aimhubio/aim.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1, MEDIUM: 1
Vulnerabilities
CVE-2025-5321 | P2 | CRITICAL | CVSS 9.9 | v3.29.0, v3.29.1 | 2025-05-29
CVE-2025-5321 [CRITICAL] CWE-264
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument query leads to elevated privileges. The attack can be initiated remotely. The exploit has been disclo
nvd
CVE-2021-43775 | P3 | HIGH | CVSS 8.6 | fixed in 3.1.0 | 2021-11-23
CVE-2021-43775 [HIGH] CWE-22
Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored
nvd
CVE-2024-8863 | P4 | MEDIUM | CVSS 5.4 | v3.0, v3.1, +23 more | 2024-09-14
CVE-2024-8863 [MEDIUM] CWE-79
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the pub
nvd