Aimstack Aim vulnerabilities
23 known vulnerabilities affecting aimstack/aim.
Total CVEs: 23
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 12, MEDIUM 5
Vulnerabilities
Page 1 of 2
CVE-2024-6396 | Priority P1 | CRITICAL | CVSS 9.8 | Exploited in the wild, public PoC | Affected: v3.19.3 | Published: 2024-07-12
CWE-29: Path Traversal: '\..\filename'
A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead
Sources: nvd
CVE-2024-2195 | Priority P2 | CRITICAL | CVSS 9.8 | Affected: ≥ 3.0.0 | Published: 2024-04-10
CWE-94: Improper Control of Generation of Code ('Code Injection')
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object al
Sources: ghsa, nvd, osv
CVE-2025-5321 | Priority P2 | CRITICAL | CVSS 9.9 | Affected: ≤ 3.29.1 | Published: 2025-05-29
CWE-264: Permissions, Privileges, and Access Controls
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument query leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclo
Sources: ghsa, nvd, osv
CVE-2024-6829 | Priority P2 | CRITICAL | CVSS 9.1 | Affected: v3.19.3 | Published: 2025-03-20
CWE-73: External Control of File Name or Path
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass directory existence checks and extract files to unintended locations, potenti
Sources: ghsa, nvd, osv
CVE-2024-8769 | Priority P2 | CRITICAL | CVSS 9.1 | Fixed in: 3.24.0 | Published: 2025-03-20
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. This vulnerability is exposed through the `Repo._cl
Sources: ghsa, nvd, osv
CVE-2021-43775 | Priority P3 | HIGH | CVSS 8.6 | Fixed in: 3.1.0 | Published: 2021-11-23
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored
Sources: ghsa, nvd, osv
CVE-2024-7760 | Priority P3 | CRITICAL | CVSS 9.6 | Affected: v3.22.0 | Published: 2025-03-20
CWE-352: Cross-Site Request Forgery (CSRF)
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such a
Sources: ghsa, nvd, osv
CVE-2024-8238 | Priority P3 | HIGH | CVSS 8.1 | Affected: v3.22.0 | Published: 2025-03-20
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution. The vulnerability arises because str.format_map()
Sources: ghsa, nvd, osv
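Why an underscore-blocking getattr guard does not stop this class of bug (CVE-2024-8238, and the same RestrictedPython query component named in CVE-2025-5321): the field name inside a format string is parsed and walked by the C implementation of str.format, so the Python-level guard never sees `__class__`, `__init__` or `__globals__`. The following is an added, self-contained illustration written for this page, not Aim's code and not RestrictedPython's; the `Run` class, `SECRET_API_TOKEN` and `guarded_getattr` are constructed stand-ins, and `guarded_getattr` is written from scratch in the spirit of `safer_getattr` rather than copied from it.

```python
SECRET_API_TOKEN = "tok-constructed-0123"   # constructed stand-in for a server-side secret


class Run:
    """Constructed stand-in for an object exposed to user-written queries."""

    def __init__(self, name: str) -> None:
        self.name = name


def leak_via_format_map(run: Run) -> str:
    """What an attacker reaches once str.format_map is callable on a literal.

    The attribute walk instance -> class -> __init__ -> function globals happens
    inside str.format's C code, so a Python-level getattr guard that rejects
    names starting with "_" is never consulted.
    """
    template = "{r.__class__.__init__.__globals__[SECRET_API_TOKEN]}"
    return template.format_map({"r": run})


_BLOCKED_STR_METHODS = frozenset({"format", "format_map"})


def guarded_getattr(obj, name: str):
    """Attribute access for untrusted query code (written from scratch here):
    refuse underscore-prefixed names, and refuse the two str methods that
    evaluate attribute paths on the caller's behalf."""
    if not isinstance(name, str):
        raise TypeError("attribute name must be a str")
    if name.startswith("_"):
        raise AttributeError(f'"{name}" is an invalid attribute name because it starts with "_"')
    if isinstance(obj, str) and name in _BLOCKED_STR_METHODS:
        raise NotImplementedError(f"Using {name}() on a str is not safe")
    return getattr(obj, name)


def guarded_leak_attempt(run: Run) -> str:
    """The same attack routed through guarded_getattr, as a restricted evaluator
    would route `"...".format_map(...)`; returns the secret if it gets through,
    otherwise a 'blocked:' message naming the check that stopped it."""
    template = "{r.__class__.__init__.__globals__[SECRET_API_TOKEN]}"
    try:
        method = guarded_getattr(template, "format_map")
        return method({"r": run})
    except NotImplementedError as exc:
        return f"blocked: {exc}"
```

`leak_via_format_map` returns the module-level secret on plain Python, which is the leak the advisory describes; `guarded_leak_attempt` shows that the fix has to refuse `format`/`format_map` on str objects outright, because filtering attribute names alone is bypassed.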
CVE-2024-6851 | Priority P3 | HIGH | CVSS 7.5 | Affected: v3.22.0 | Published: 2025-03-20
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.
Sources: ghsa, nvd, osv
CVE-2025-51463 | Priority P3 | HIGH | CVSS 7.0 | Affected: v3.28.0 | Published: 2025-07-22
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the run_instruction API, which is extracted without path validation during restoration.
Sources: nvd
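Both CVE-2024-6829 and CVE-2025-51463 come down to `tarfile.extractall()` trusting member names from an attacker-supplied archive. The block below is an added example written for this page, not Aim's restore code: it constructs a sample archive in memory with one benign member and three escape attempts (a `../` name, an absolute name, and a symlink whose target leaves the destination), then vets every member against the resolved destination before extracting. Function names and the sample member names are this example's own.

```python
import io
import tarfile
from pathlib import Path


def build_malicious_tar() -> bytes:
    """Constructed sample archive: one benign member and three escape attempts."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, data: bytes = b"x") -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

        add_file("run/meta.json", b"{}")
        add_file("../../evil.txt")              # relative traversal out of dest
        add_file("/etc/cron.d/backdoor")        # absolute name ignores dest
        link = tarfile.TarInfo("run/link")      # symlink whose target escapes dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../etc/passwd"
        tar.addfile(link)
    return buf.getvalue()


def _within(base: Path, candidate: Path) -> bool:
    base, candidate = base.resolve(), candidate.resolve()
    return candidate == base or base in candidate.parents


def vet_members(tar: tarfile.TarFile, dest: str):
    """Split members into (safe, rejected) by resolving every target under dest."""
    dest_path = Path(dest)
    safe, rejected = [], []
    for m in tar.getmembers():
        target = dest_path / m.name             # an absolute m.name replaces dest_path here
        ok = _within(dest_path, target) and not m.isdev()
        if ok and m.issym():                    # symlink target is relative to its own directory
            ok = _within(dest_path, target.parent / m.linkname)
        elif ok and m.islnk():                  # hard link target is relative to the archive root
            ok = _within(dest_path, dest_path / m.linkname)
        (safe if ok else rejected).append(m)
    return safe, rejected


def safe_extract(data: bytes, dest: str):
    """Extract only vetted members; returns (extracted names, rejected names)."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        safe, rejected = vet_members(tar, dest)
        # On Python 3.12+ (and the 3.8-3.11 backports) the stdlib "data" filter
        # enforces the same rules; stack it where available.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=safe, **kwargs)
    return [m.name for m in safe], [m.name for m in rejected]
```

The check is done on resolved paths rather than on the member string, so a symlink planted by an earlier member (or already present in the destination) cannot redirect a later write; the standard library's `data` filter is applied as well when the interpreter has it, and is a good reason to pin a Python version that does.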
CVE-2024-2196 | Priority P3 | HIGH | CVSS 8.8 | Affected: v3.17.5 | Published: 2024-04-10
CWE-352: Cross-Site Request Forgery (CSRF)
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into
Sources: ghsa, nvd, osv
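CVE-2024-7760 and CVE-2024-2196 are the same weakness seen from two sides: a wildcard CORS policy lets any origin read responses, and the absence of a cross-site check lets any origin trigger state changes. The following added example (written for this page, not Aim's middleware; the allow-listed origin is an assumed deployment value) shows the corrected CORS decision beside a request-side check that uses Sec-Fetch-Site, Origin and Referer, run over constructed header sets.

```python
from typing import Mapping
from urllib.parse import urlsplit

# Assumed deployment: the dashboard is served from this single origin.
ALLOWED_ORIGINS = frozenset({"https://aim.example.internal"})
STATE_CHANGING = frozenset({"POST", "PUT", "PATCH", "DELETE"})


def origin_of(url: str) -> str:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS) -> dict:
    """Corrected setting: instead of Access-Control-Allow-Origin: * for every
    caller, reflect the Origin only when it is allow-listed, and vary on it."""
    if request_origin and request_origin.lower() in allowed:
        return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    return {}


def is_forged_cross_site_write(method: str, headers: Mapping[str, str],
                               allowed=ALLOWED_ORIGINS) -> bool:
    """Decide whether a state-changing request came from a browser on a foreign site.

    Evidence, in order: Sec-Fetch-Site (sent by current browsers), then Origin,
    then the Referer's origin. A request carrying none of them is not a browser
    fetch (curl, an SDK client) and is left to the normal authentication path.
    """
    if method.upper() not in STATE_CHANGING:
        return False
    h = {k.lower(): v for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    if site in ("same-origin", "none"):       # same origin, or a user-typed navigation
        return False
    origin = h.get("origin")
    if not origin and h.get("referer"):
        origin = origin_of(h["referer"])
    if origin:
        return origin.lower() not in allowed  # "null" and foreign origins both fail here
    # No Origin/Referer: a browser would have sent them for a cross-site write,
    # so the only remaining evidence is a Sec-Fetch-Site value not accepted above.
    return site is not None
```

A server without sessions or cookies still needs this check: the tracking server's endpoints are reachable from a victim's browser by network position alone, and CORS only governs whether the attacker can read the response, not whether the deletion ran.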
CVE-2025-51464 | Priority P3 | HIGH | CVSS 8.8 | Affected: v3.28.0 | Published: 2025-07-22
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox restrictions prevent JavaScript execution via pyodide.code.run_
Sources: ghsa, nvd, osv
CVE-2024-12778 | Priority P3 | HIGH | CVSS 7.5 | Affected: v3.25.0 | Published: 2025-03-20
CWE-770: Allocation of Resources Without Limits or Throttling
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined wit
Sources: ghsa, nvd, osv
CVE-2024-6227 | Priority P3 | HIGH | CVSS 7.5 | Affected: v3.19.3 | Published: 2024-07-08
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.
Sources: ghsa, nvd, osv
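The self-connection loop in CVE-2024-6227 is preventable at configuration time: before a tracking server accepts a remote address, resolve it and refuse anything that lands on its own listener. The block below is an added example written for this page, not Aim's server code; it assumes the remote is expressed as `scheme://host:port` (the `aim://host:53800` form is used as an illustration) and treats a URL without an explicit port as not comparable.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

WILDCARD_BINDS = ("0.0.0.0", "::", "")


def _addresses_of(host: str) -> set:
    """Resolve host to the IP literals it maps to (empty if unresolvable)."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()


def _is_loopback(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def local_addresses(listen_host: str) -> set:
    """Addresses on which a server bound to listen_host answers."""
    if listen_host in WILDCARD_BINDS:
        return {"127.0.0.1", "::1"} | _addresses_of(socket.gethostname())
    return _addresses_of(listen_host)


def is_self_reference(remote_url: str, listen_port: int, listen_host: str = "0.0.0.0") -> bool:
    """True when remote_url would connect back to this server's own listener.

    Assumption for this example: the remote carries an explicit port; a URL
    without one is reported as not self-referencing rather than guessed at.
    """
    parts = urlsplit(remote_url if "://" in remote_url else "//" + remote_url)
    try:
        host, port = parts.hostname, parts.port
    except ValueError:          # malformed port
        return False
    if host is None or port is None or port != listen_port:
        return False
    ours = local_addresses(listen_host)
    wildcard = listen_host in WILDCARD_BINDS
    for target in _addresses_of(host):
        if target in ours or (wildcard and _is_loopback(target)):
            return True
    return False
```

Run this once when the remote-tracking setting is loaded and reject the configuration on a true result; the client calls made afterwards should also carry an explicit timeout, which is the separate shortcoming recorded under CVE-2024-8061.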
CVE-2025-0189 | Priority P3 | HIGH | CVSS 7.5 | Affected: v3.25.0 | Published: 2025-03-20
CWE-770: Allocation of Resources Without Limits or Throttling
In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.
Sources: ghsa, nvd, osv
CVE-2025-0190 | Priority P3 | HIGH | CVSS 7.5 | Affected: v3.25.0 | Published: 2025-03-20
CWE-1049: Excessive Data Query Operations in a Large Data Table
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly
Sources: ghsa, nvd, osv
CVE-2024-8061 | Priority P3 | HIGH | CVSS 7.5 | Affected: v3.23.0 | Published: 2025-03-20
CWE-1088: Synchronous Access of Remote Resource without Timeout
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to co
Sources: ghsa, nvd, osv
CVE-2024-10110 | Priority P3 | HIGH | CVSS 7.5 | Affected: v3.23.0 | Published: 2025-03-20
CWE-400: Uncontrolled Resource Consumption
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests.
Sources: ghsa, nvd, osv
CVE-2024-6483 | Priority P4 | MEDIUM | CVSS 5.3 | Affected: v3.19.3 | Published: 2025-03-20
CWE-23: Relative Path Traversal
A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or dir
Sources: ghsa, nvd, osv
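Five of the entries on this page (CVE-2021-43775, CVE-2024-6396, CVE-2024-8769, CVE-2024-6851 and CVE-2024-6483) share one root cause: a user-controlled run name, hash or glob pattern is joined onto a repository path without normalisation or a containment check. The block below is an added example written for this page, not Aim's code: it shows the vulnerable join beside a single-component validator, and a glob expansion that keeps only matches inside the managed directory. The function names and the sample files in the test are this example's own.

```python
import glob
import os
from pathlib import Path


def unsafe_run_path(base_dir: str, run_hash: str) -> str:
    # The vulnerable shape: the user-controlled value is joined without
    # normalisation. An absolute run_hash discards base_dir entirely and a
    # leading "../" walks out of it.
    return os.path.join(base_dir, run_hash)


def safe_run_path(base_dir: str, run_hash: str) -> str:
    """Resolve run_hash as a single path component under base_dir, or raise."""
    if not run_hash or run_hash in (".", "..") or any(c in run_hash for c in "/\\\0"):
        raise ValueError(f"invalid run hash: {run_hash!r}")
    base = Path(base_dir).resolve()
    target = (base / run_hash).resolve()
    # Second line of defence: a symlink inside base can still point outside,
    # so the fully resolved target must sit below the resolved base.
    if base not in target.parents:
        raise ValueError(f"run path escapes {base}: {target}")
    return str(target)


def safe_glob_matches(base_dir: str, pattern: str) -> list:
    """Expand a user-supplied glob, keeping only matches inside base_dir.

    os.path.join(base_dir, "/etc/*") evaluates to "/etc/*" and "../*" steps
    above base_dir, so each match is resolved and checked before it is handed
    to the code that will unlink it.
    """
    base = os.path.realpath(base_dir)
    kept = []
    for match in glob.glob(os.path.join(base, pattern)):
        real = os.path.realpath(match)
        if real == base or os.path.commonpath([base, real]) != base:
            continue  # outside the managed directory, or the directory itself
        kept.append(real)
    return sorted(kept)
```

The string-level rejection in `safe_run_path` is the cheap check a hash-shaped identifier should always pass; the resolved-path comparison behind it is what catches symlinks and the glob cases, which a prefix comparison on the raw string would miss.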
CVE-2024-8863 | Priority P4 | MEDIUM | CVSS 5.4 | Affected: ≤ 3.24.0 | Published: 2024-09-14
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the pub
Sources: ghsa, nvd, osv