545 matches found
EUVD-2025-6926
Malicious code in bioql PyPI...
EUVD-2024-41597
Malicious code in bioql PyPI...
EUVD-2024-1169
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-aim (npm)
The package @zalastax/nolb-aim was found to contain malicious code...
MAL-2025-43111 Malicious code in @zalastax/nolb-aim (npm)
The package @zalastax/nolb-aim was found to contain malicious code...
MAL-2025-9740 Malicious code in @zalastax/nolb-_aim (npm)
The package @zalastax/nolb-aim was found to contain malicious code...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
dsipts (>=1.1.5 <=1.1.39), kedro-aim (>=0.1.1 <=0.1.3) +7 more potentially affected by CVE-2025-51464 via aim (>=3.17.4 <=3.29.1)
aim PYPI version =3.17.4, =1.1.5, =0.1.1, =0.0.1, =0.0.1, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2025-51464 Source advisory: OSV:GHSA-GMVV-RJ92-9W35...
GHSA-GMVV-RJ92-9W35 Aim vulnerable to Cross-site Scripting
Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
CVE-2025-51464
Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-51464 via aim (>=3.17.4 <=4.0.3)
aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-51464 Source advisory: SNYK:PYTHON-AIM-10878170...
Cross-site Scripting (XSS)
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /api/reports endpoint, which processes user-submitted Python code that is interpreted and executed by the function pyodide.code.runjs...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-51463 via aim (>=3.17.4 <=4.0.3)
aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-51463 Source advisory: SNYK:PYTHON-AIM-10875510...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
CVE-2025-51464
Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
PT-2025-30426 · Aim · Aim
Name of the Vulnerable Software and Affected Versions: AIM version 3.28.0 Description: A path traversal issue exists in the restore run backup function. This allows remote attackers to write arbitrary files to the server's filesystem by submitting a crafted backup tar file to the run instruction...
CVE-2025-51463
Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...
Aim 路径遍历漏洞
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A path traversal vulnerability exists in AIM version 3.28.0, which stems from a path traversal vulnerability in restorerunbackup that could result in writing arbitrary files to the server file syst...