GHSA-fm93-g6xp-35xq

Source

https://github.com/advisories/GHSA-fm93-g6xp-35xq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-fm93-g6xp-35xq/GHSA-fm93-g6xp-35xq.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-fm93-g6xp-35xq

Aliases

CVE-2025-0190

Published

2025-03-20T12:32:52Z

Modified

2025-03-22T01:18:56.864063Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Aim Excessive Data Query Operations in a Large Data Table vulnerability

Details

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service.

Database specific

{
    "nvd_published_at": "2025-03-20T10:15:51Z",
    "cwe_ids": [
        "CWE-1049"
    ],
    "github_reviewed_at": "2025-03-22T00:34:31Z",
    "github_reviewed": true,
    "severity": "HIGH"
}

References

Affected packages

PyPI / aim

Package

Name: aim; View open source insights on deps.dev
Purl: pkg:pypi/aim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.25.0

Affected versions

2.*

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0

2.2.1

2.3.0

2.4.0

2.5.0

2.6.0

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.1.0

3.1.1

3.2.0

3.2.1

3.2.2

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.4.0

3.4.1

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.6.0

3.6.1

3.6.2

3.6.3

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.8.0

3.8.1

3.9.0a1

3.9.0a14

3.9.2

3.9.3

3.9.4

3.10.0.dev9

3.10.0

3.10.1

3.10.2

3.10.3

3.11.0.dev4

3.11.0

3.11.1.dev1

3.11.1

3.11.2

3.12.0.dev2

3.12.0

3.12.1

3.12.2

3.13.0

3.13.1

3.13.2

3.13.3

3.13.4

3.14.0

3.14.1

3.14.2

3.14.3

3.14.4

3.15.0

3.15.1

3.15.2

3.16.0

3.16.1

3.16.2

3.17.0

3.17.1

3.17.2

3.17.3

3.17.4

3.17.5rc1

3.17.5rc2

3.17.5rc3

3.17.5rc4

3.17.5

3.18.0.dev2

3.18.0.dev3

3.18.0.dev4

3.18.0.dev5

3.18.0

3.18.1

3.19.0

3.19.1

3.19.2

3.19.3

3.20.1

3.21.0

3.22.0

3.23.0

3.24.0

3.25.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-fm93-g6xp-35xq/GHSA-fm93-g6xp-35xq.json"