Does aim have any known vulnerabilities?

aim v3.29.1 has 2 known CVE vulnerabilities. Review the safety scan for severity details and remediation guidance.

What capabilities does aim have?

aim has the following detected capabilities: network access, filesystem access, process spawning, environment variable access, native modules. Review these before using with AI coding agents.

Can I use aim safely with AI coding agents?

No safety concerns were detected for aim. Install with brin add aim to verify safety before installation. Run brin init to generate AGENTS.md documentation for your agent. Assessments are automated and may change over time.

aim

PyPI

Is aim safe to use?

Based on the latest brin safety scan, no vulnerabilities or threats were detected for aim v3.29.1. Trust score: 60/100. 2 known CVEs, no detected threat patterns, and no suspicious capabilities identified. This is an automated, point-in-time assessment.

Install (safety-checked)

aim Passed Security Checks

No security concerns detected

clean

CVEs

Threats

Install Scripts

Risk Indicators

•GHSA-gmvv-rj92-9w35: UNKNOWN
•GHSA-gp5h-f9c5-8355: UNKNOWN

aim CVE Vulnerabilities (2)

GHSA-gmvv-rj92-9w35

Aim vulnerable to Cross-site Scripting

GHSA-gp5h-f9c5-8355

Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution

No Concerns Detected

No security concerns detected in the latest brin assessment. This is an automated, point-in-time evaluation — security posture may change.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

aim Capabilities & Permissions

What aim can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

aimstack.readthedocs.ioalembic.zzzcomputing.comgithub.comgraph.facebook.comlightgbm.readthedocs.iolucumr.pocoo.orgosxfuse.github.iopsutil.readthedocs.iopypi.orgwww-mmsp.ece.mcgill.ca+1 more

Protocols: http, https, tcp, websocket

Filesystem Access

Reads and writes to the filesystem.

.env (r).env (rw).env (rw).env (rw)/tmp/ (rw).env (rw).env (rw).env (rw)+11 more

Process Spawning

This package can spawn child processes.

git

Environment Variables

Accesses the following environment variables.

AIM_CLIENT_QUEUE_MAX_MEMORYAIM_CLIENT_SSL_CERTIFICATES_FILEAIM_ENABLE_TRACKING_THREADAIM_ENV_MODE_KEYAIM_LOG_LEVEL_KEYAIM_PROFILER_KEYAIM_PROXY_URLAIM_READ_ONLY_UIAIM_REMOTE_REPO_HOSTAIM_REMOTE_REPO_KEY_FILE+18 more

Native Modules

Contains native code that runs outside the JavaScript sandbox.

ctypescythonnative extensionnumpypandas

AGENTS.md for aim

Good instructions lead to good results. brin adds aim documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

aim Documentation & Source Code

For the full aim README, API documentation, and source code, visit the official package registry.

View on PyPI

Frequently asked questions about aim safety

Install (safety-checked)

Weekly Downloads

50.3K

Version

3.29.1

Last Scanned

Feb 10, 2026

Trust Score

60/100·Legitimacy signals, not safety

CVEs (2)

GHSA-gmvv-rj92-9w35

Aim vulnerable to Cross-site Scripting

GHSA-gp5h-f9c5-8355

Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution

Capabilities

Network

Connects to: aimstack.readthedocs.io, alembic.zzzcomputing.com, github.com...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: AIM_CLIENT_QUEUE_MAX_MEMORY, AIM_CLIENT_SSL_CERTIFICATES_FILE, AIM_ENABLE_TRACKING_THREAD...

Native

Contains native modules