Aimhubio/Aim
cpe:2.3:a:aimhubio:aimhubio/aim:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aimhubio (9426dfad-e771-5a21-89e2-df29d78b9f28) |
|---|---|
| Product | Aimhubio/Aim (45a1a2d9-039c-50c4-9426-f421cf28d56e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-0190 | vulnerable | 2026-06-08 07:00:29.896556 | Denial of Service in aimhubio/aim, HIGH (7.5); see details below | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-0189 | vulnerable | 2026-06-08 07:00:29.895039 | Denial of Service in aimhubio/aim, HIGH (7.5); see details below | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-8769 | vulnerable | 2026-06-08 07:00:25.684901 | Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim, CRITICAL (9.1); see details below | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-8238 | vulnerable | 2026-06-08 07:00:23.315766 | Unrestricted Code Execution in aimhubio/aim, MEDIUM (5.9); see details below | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-8101 | vulnerable | 2026-06-08 07:00:21.534181 | Stored XSS in aimhubio/aim, HIGH (7.2); see details below | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-8061 | vulnerable | 2026-06-08 07:00:21.304180 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-7760 | vulnerable | 2026-06-08 06:58:23.384169 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6851 | vulnerable | 2026-06-08 06:58:20.599413 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6829 | vulnerable | 2026-06-08 06:58:20.551471 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6578 | vulnerable | 2026-06-08 06:58:19.928559 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6483 | vulnerable | 2026-06-08 06:58:19.569120 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6396 | vulnerable | 2026-06-08 06:58:19.333085 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6227 | vulnerable | 2026-06-08 06:58:18.295662 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-2196 | vulnerable | 2026-06-08 06:33:30.563740 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-2195 | vulnerable | 2026-06-08 06:33:30.561325 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-12778 | vulnerable | 2026-06-08 06:25:36.072702 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-12777 | vulnerable | 2026-06-08 06:25:36.071247 | not shown | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-10110 | vulnerable | 2026-06-08 06:22:03.586101 | not shown | Imported from gcve-enriched-dumps CVE data |

Details (db.gcve.eu)

CVE-2025-0190: Denial of Service in aimhubio/aim
Severity: HIGH (7.5). Published 2025-03-20T10:08:48.087Z; updated 2025-03-20T19:03:20.216Z.
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.

CVE-2025-0189: Denial of Service in aimhubio/aim
Severity: HIGH (7.5). Published 2025-03-20T10:10:54.858Z; updated 2025-10-15T12:50:04.149Z.
In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.

CVE-2024-8769: Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim
Severity: CRITICAL (9.1). Published 2025-03-20T10:11:22.123Z; updated 2025-10-15T12:50:42.461Z.
A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. This vulnerability is exposed through the `Repo._close_run()` method, which is accessible via the tracking server instruction API. As a result, an attacker can exploit this to delete any arbitrary file on the machine running the tracking server.

CVE-2024-8238: Unrestricted Code Execution in aimhubio/aim
Severity: MEDIUM (5.9). Published 2025-03-20T10:11:09.622Z; updated 2025-10-15T12:49:56.303Z.
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution. The vulnerability arises because str.format_map() can read arbitrary attributes of Python objects, enabling attackers to access sensitive variables such as os.environ. If an attacker can write files to a known location on the Aim server, they can use str.format_map() to load a malicious .dll/.so file into the Python interpreter, leading to unrestricted code execution.

CVE-2024-8101: Stored XSS in aimhubio/aim
Severity: HIGH (7.2). Published 2025-03-20T10:11:29.974Z; updated 2025-03-20T13:01:37.992Z.
A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of `dangerouslySetInnerHTML` without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be exploited by injecting malicious HTML content during the training process, which is then rendered unsanitized in the Text Explorer.
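The path-handling flaw behind CVE-2024-8769 is the classic one: a caller-supplied identifier is joined into a filesystem path and handed to a delete call without normalization or a containment check. The following is an added illustration, not Aim's `LockManager` code; the lock directory, the rule that a run hash is lowercase hex, and the function names are assumptions made for the example. It shows where an unnormalized join actually points once the OS collapses `..` (or an absolute segment), and a hardened release that allow-lists the identifier and proves the resolved path still sits inside the lock directory before unlinking.

```python
import os
import re
import tempfile
from pathlib import Path

# Constructed lock directory standing in for the tracking server's lock store.
LOCKS_DIR = "/srv/aim-repo/.aim/locks"

# Assumption for this example: a legitimate run hash is 8-64 lowercase hex chars.
RUN_HASH_RE = re.compile(r"[0-9a-f]{8,64}")


def unsafe_delete_target(locks_dir: str, run_hash: str) -> str:
    """Vulnerable pattern (illustrative, not Aim's code): the user-controlled
    run_hash is joined into the path with no normalization or containment check.
    Returns the path the filesystem would act on once the OS normalizes it."""
    joined = os.path.join(locks_dir, run_hash)  # '../' passes through; an absolute run_hash replaces locks_dir entirely
    return os.path.normpath(joined)


def safe_lock_path(locks_dir: str, run_hash: str) -> Path:
    """Hardened: allow-list the identifier, then resolve and prove containment."""
    if not RUN_HASH_RE.fullmatch(run_hash):
        raise ValueError(f"invalid run hash: {run_hash!r}")
    base = Path(locks_dir).resolve()
    candidate = (base / run_hash).resolve()
    # resolve() collapses '..' and symlinks; the result must be a direct child of base.
    if candidate.parent != base:
        raise ValueError(f"lock path escapes {base}: {candidate}")
    return candidate


def release_lock(locks_dir: str, run_hash: str) -> bool:
    """Delete one run's lock file; returns True if a file was actually removed."""
    target = safe_lock_path(locks_dir, run_hash)
    try:
        target.unlink()
    except FileNotFoundError:
        return False
    return True


def demo() -> dict:
    """Exercise the hardened release against a throwaway directory:
    a legitimate hash is removed, a traversal attempt is rejected."""
    with tempfile.TemporaryDirectory() as tmp:
        legit = "deadbeefcafef00d"
        (Path(tmp) / legit).write_text("")
        removed = release_lock(tmp, legit)
        try:
            release_lock(tmp, "../../../../etc/passwd")
            rejected = False
        except ValueError:
            rejected = True
    return {"legit_removed": removed, "traversal_rejected": rejected}


if __name__ == "__main__":
    print(unsafe_delete_target(LOCKS_DIR, "../../../../etc/passwd"))  # /etc/passwd
    print(unsafe_delete_target(LOCKS_DIR, "/etc/passwd"))             # /etc/passwd
    print(demo())
```

The allow-list check alone would already stop the traversal; the `resolve()` plus `parent == base` comparison is kept as defence in depth so that a later loosening of the identifier format, or a symlinked lock directory, cannot silently reopen the hole.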
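CVE-2024-8238 rests on a property of `str.format_map()` that is easy to miss: replacement fields may contain `.attr` and `[key]` chains, so a template evaluated against an innocuous object can walk through that object's methods to module globals and from there to `os.environ`. The block below is an added example, not AimQL or RestrictedPython code; the `Run` class, the environment variable, and the guard function are constructed for the demonstration. It reproduces the attribute walk, then shows two mitigations: a `string.Formatter` subclass that refuses any attribute or index access inside a field, and a getattr guard that, in the direction of the RestrictedPython fix described above, refuses both `format` and `format_map` on strings (an assumption modelled on the CVE text, not a copy of the library's implementation).

```python
import os
import string

# Constructed secret, set here so the leak is observable offline.
os.environ["AIM_DEMO_SECRET"] = "constructed-secret-value"


class Run:
    """Constructed stand-in for an object a query language hands to user code."""

    def __init__(self, name: str) -> None:
        self.name = name


def render_unsafe(template: str, ctx: dict) -> str:
    """Vulnerable: str.format_map follows '.attr' and '[key]' chains on the
    values in ctx, so a template can walk from a harmless object to anything
    reachable from it."""
    return template.format_map(ctx)


# Bound method -> the function's module globals -> the imported os module -> environ.
LEAK_TEMPLATE = "{run.__init__.__globals__[os].environ[AIM_DEMO_SECRET]}"


class SafeFormatter(string.Formatter):
    """Hardened renderer: a replacement field may name a context key, nothing more."""

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError(f"attribute/index access not allowed in field {field_name!r}")
        return super().get_field(field_name, args, kwargs)


def render_safe(template: str, ctx: dict) -> str:
    return SafeFormatter().vformat(template, (), ctx)


def guarded_getattr(obj, name: str):
    """Illustrative getattr guard (assumption modelled on the CVE text, not
    RestrictedPython's code): refuse str.format and str.format_map alike,
    since both accept attribute-walking templates."""
    if isinstance(obj, str) and name in ("format", "format_map"):
        raise NotImplementedError(f"str.{name} is not safe in restricted code")
    return getattr(obj, name)


def demo() -> dict:
    """Run the leak against the unsafe renderer, then confirm both guards stop it."""
    ctx = {"run": Run("exp-1"), "name": "exp-1"}
    leaked = render_unsafe(LEAK_TEMPLATE, ctx)
    try:
        render_safe(LEAK_TEMPLATE, ctx)
        blocked = False
    except ValueError:
        blocked = True
    try:
        guarded_getattr("{x}", "format_map")
        guard_blocked = False
    except NotImplementedError:
        guard_blocked = True
    return {
        "leaked": leaked,
        "safe_plain": render_safe("run {name}", ctx),
        "safe_blocked_leak": blocked,
        "guard_blocked_format_map": guard_blocked,
    }


if __name__ == "__main__":
    print(demo())
```

Blocking only `format` while leaving `format_map` reachable is exactly the gap the CVE describes; any sandbox that filters method names on `str` has to treat the two as one surface, and the formatter subclass is the safer choice where the application controls the rendering call itself.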