Vulnerabilities > NIM Lang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-13 | CVE-2021-46872 | Cross-site Scripting vulnerability in Nim-Lang NIM and Nimforum An issue was discovered in Nim before 1.6.2. | 6.1 |
| 2022-02-01 | CVE-2022-23602 | Path Traversal vulnerability in Nim-Lang Docutils and Nimforum Nimforum is a lightweight alternative to Discourse written in Nim. | 8.1 |
| 2021-08-10 | CVE-2020-23171 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Nim-Lang A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. | 4.3 |
| 2021-05-07 | CVE-2021-29495 | Improper Certificate Validation vulnerability in Nim-Lang NIM Nim is a statically typed compiled systems programming language. | 5.0 |
| 2021-03-26 | CVE-2021-21374 | Improper Certificate Validation vulnerability in Nim-Lang NIM Nimble is a package manager for the Nim programming language. | 6.8 |
| 2021-03-26 | CVE-2021-21373 | Improper Certificate Validation vulnerability in Nim-Lang NIM Nimble is a package manager for the Nim programming language. | 4.3 |
| 2021-03-26 | CVE-2021-21372 | OS Command Injection vulnerability in Nim-Lang NIM Nimble is a package manager for the Nim programming language. | 8.8 |
| 2021-01-30 | CVE-2020-15690 | Injection vulnerability in Nim-Lang NIM 1.2/1.2.2/1.2.4 In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | 7.5 |
| 2020-08-14 | CVE-2020-15694 | Improper Input Validation vulnerability in Nim-Lang NIM 1.2/1.2.2/1.2.4 In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. | 5.0 |
| 2020-08-14 | CVE-2020-15693 | Injection vulnerability in Nim-Lang NIM 1.2/1.2.2/1.2.4 In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. | 6.4 |