Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nim-lang nim vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-46872
An issue exists in Nim prior to 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix t...
Nim-lang Nimforum
Nim-lang Nim
5.5
CVSSv2
CVE-2022-23602
Nimforum is a lightweight alternative to Discourse written in Nim. In versions before 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by ...
Nim-lang Docutils
Nim-lang Nimforum
4.3
CVSSv2
CVE-2020-23171
A vulnerability in all versions of Nim-lang allows unauthenticated malicious users to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.
Nim-lang Nim-lang
6.8
CVSSv2
CVE-2021-21372
Nimble is a package manager for the Nim programming language. In Nim release version prior to 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list t...
Nim-lang Nim
4.3
CVSSv2
CVE-2021-21373
Nimble is a package manager for the Nim programming language. In Nim release versions prior to 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/package...
Nim-lang Nim
6.8
CVSSv2
CVE-2021-21374
Nimble is a package manager for the Nim programming language. In Nim release versions prior to 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. ...
Nim-lang Nim
7.5
CVSSv2
CVE-2020-15690
In Nim prior to 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
Nim-lang Nim
5
CVSSv2
CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
Nim-lang Nim
10
CVSSv2
CVE-2020-15692
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary regist...
Nim-lang Nim
6.4
CVSSv2
CVE-2020-15693
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP he...
Nim-lang Nim
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started