Every CVE whose affected-product data names Aimstack Aim, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2024-2195 — CVSS 9.8 (critical): A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the…
CVE-2024-6396 — CVSS 9.8 (critical): A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host…
CVE-2024-7760 — CVSS 9.6 (critical): aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to…
CVE-2024-8769 — CVSS 9.1 (critical): A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through…
CVE-2024-6829 — CVSS 9.1 (critical): A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of…
CVE-2024-2196 — CVSS 8.8 (high): aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating…
CVE-2025-51464 — CVSS 8.8 (high): Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious…
CVE-2021-43775 — CVSS 8.6 (high): Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path…
CVE-2024-8238 — CVSS 8.1 (high): In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython…
CVE-2024-6851 — CVSS 7.5 (high): In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern…
CVE-2024-10110 — CVSS 7.5 (high): In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server…
CVE-2024-12778 — CVSS 7.5 (high): A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked…
CVE-2024-6227 — CVSS 7.5 (high): A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to…
CVE-2024-8061 — CVSS 7.5 (high): In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to…
CVE-2025-0189 — CVSS 7.5 (high): In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size…
CVE-2025-0190 — CVSS 7.5 (high): In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying…
CVE-2025-51463 — CVSS 7.0 (high): Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a…
CVE-2025-5321 — CVSS 6.3 (medium): A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function…
CVE-2024-8101 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability…
CVE-2024-12777 — CVSS 5.9 (medium): A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server…
CVE-2024-6578 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper…
CVE-2024-6483 — CVSS 5.3 (medium): A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through…
CVE-2024-8863 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML…