aimstack aim

26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-51464
all versions
Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via
8.8 HIGH
CVE-2025-51463
all versions
Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem v
7.0 HIGH
CVE-2025-5321
<= 3.29.1
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedP
6.3 MEDIUM
CVE-2025-0190
all versions
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then
7.5 HIGH
CVE-2025-0189
all versions
In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maxim
7.5 HIGH
CVE-2024-8769
< 3.24.0
A vulnerability in the LockManager.release_locks function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion th
9.1 CRITICAL
CVE-2024-8238
all versions
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from Restrict
8.1 HIGH
CVE-2024-8101
all versions
A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulner
6.1 MEDIUM
CVE-2024-8061
all versions
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the s
7.5 HIGH
CVE-2024-7760
all versions
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability i
9.6 CRITICAL
CVE-2024-6851
all versions
In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob
7.5 HIGH
CVE-2024-6829
all versions
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall() function to extract the co
9.1 CRITICAL
CVE-2024-6483
all versions
A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion
5.3 MEDIUM
CVE-2024-12778
all versions
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number o
7.5 HIGH
CVE-2024-12777
all versions
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking
5.9 MEDIUM
CVE-2024-10110
all versions
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the trackin
7.5 HIGH
CVE-2024-8863
<= 3.24.0
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySe
3.5 LOW
CVE-2024-6578
all versions
A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the imprope
5.4 MEDIUM
CVE-2024-6396
all versions
A vulnerability in the _backup_run function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the
9.8 CRITICAL
CVE-2024-6227
all versions
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking ser
7.5 HIGH
CVE-2024-2196
all versions
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, upda
8.8 HIGH
CVE-2024-2195
>= 3.0.0
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/run
9.8 CRITICAL
CVE-2021-43775
< 3.1.0
Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a p
8.6 HIGH
CVE-2012-5816
all versions
AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (C
CVE-2005-1891
<= 5.9.3797
The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of se
7.5 HIGH
CVE-2000-1094
< 4.3.2229
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyi
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin