CRITICAL 9.8 CVE-2024-2195 Aim Web API vulnerable to Remote Code Execution
>= 3.0.0, <= 3.25.0
CRITICAL 9.1 CVE-2024-8769 Aim path traversal in LockManager.release_locks
>= 3.15.0, <= 3.27.0
CRITICAL 9.1 CVE-2024-6829 Aim External Control of File Name or Path vulnerability
from 0, <= 3.19.3
HIGH 8.8 Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
from 0, <= 3.17.5
HIGH 8.6 Arbitrary file reading vulnerability in Aim
from 0, < 3.1.0
HIGH 8.6 Arbitrary file reading vulnerability in Aim
from 0, < 3.1.0
HIGH 7.5 Aim Uncontrolled Resource Consumption vulnerability
from 0, <= 3.25.0
HIGH 7.5 Aim Excessive Data Query Operations in a Large Data Table vulnerability
from 0, <= 3.25.0
HIGH 7.5 Aim allows denial of service due to no timeouts for some tracking server endpoints
from 0, <= 3.23.0
HIGH 7.5 Aim Path Traversal vulnerability
from 0, <= 3.22.0
HIGH 7.5 Aim Uncontrolled Resource Consumption vulnerability
from 0, <= 3.25.0
HIGH 7.5 Aim Vulnerable to Denial of Service (DoS)
>= 3.15.0, <= 3.23.0
HIGH 7.5 Aim denial of service vulnerability
from 0, <= 3.19.3
HIGH 7.4 Aim vulnerable to Cross-Site Request Forgery
from 0, <= 3.22.0
MEDIUM 6.3 Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution
from 0, <= 3.29.1
MEDIUM 6.1 Aim Stored Cross-site Scripting Vulnerability
from 0, <= 3.19.3
MEDIUM 5.9 Aim Improper Access Control
>= 3.0.0, <= 3.22.0
MEDIUM 5.9 Aim vulnerable to Synchronous Access of Remote Resource without Timeout
from 0, <= 3.25.0
MEDIUM 5.3 Aim Relative Path Traversal vulnerability
from 0, <= 3.19.3
LOW 3.5 Aim Stored XSS through TEXT EXPLORER
from 0, <= 3.24.0
— Aim vulnerable to Cross-site Scripting
from 0, <= 3.30.0.dev20250611