6 matches found
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component runview Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be...
GHSA-GP5H-F9C5-8355 Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component runview Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be...
GHSA-6W7P-XRVP-P7XV Aim allows denial of service due to no timeouts for some tracking server endpoints
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...
Aim Resource Management Error Vulnerability
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.23.0 suffers from a Resource Management Error vulnerability that originates when certain methods of requesting data from an external server do not have a timeout set, causing the serv...
Aim security breach
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.19.3 has a security vulnerability that stems from a flawed function in the remote tracking settings that allows backuprun to overwrite any file and steal arbitrary data...