Browse all 4 CVE security advisories affecting nim-lang. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nim is a compiled systems programming language used for performance-critical applications, game development, and scripting. Historically, vulnerabilities have included remote code execution due to unsafe deserialization, cross-site scripting from improper input handling, and privilege escalation through insecure default permissions. Nim's memory safety features help prevent certain classes of vulnerabilities, but improper use of unsafe Nim constructs can introduce memory corruption issues. While Nim has relatively few CVEs compared to larger ecosystems, developers must still follow secure coding practices, particularly when handling untrusted input or performing system-level operations.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-29495 | Nim stdlib httpClient does not validate peer certificates by default | CWE-295 | 5.9 | Medium | 2021-05-07 |
| CVE-2021-21373 | Nimble falls back to insecure http url when fetching packages | CWE-348 | 7.5 | High | 2021-03-26 |
| CVE-2021-21374 | Nimble fails to validate certificates due to insecure httpClient defaults | CWE-348 | 8.1 | High | 2021-03-26 |
| CVE-2021-21372 | Nimble arbitrary code execution for specially crafted package metadata | CWE-20 | 8.3 | High | 2021-03-26 |
This page lists every published CVE security advisory associated with nim-lang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.