nimiq — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting nimiq. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nimiq is a blockchain platform focused on enabling peer-to-peer transactions without centralized infrastructure. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 16 recorded CVEs. The platform's security characteristics include its lightweight JavaScript-based implementation, though this has also introduced attack surfaces. Notable incidents include multiple RCE vulnerabilities in its node software that allowed attackers to execute arbitrary code, and XSS issues in its web wallet components. These vulnerabilities have primarily stemmed from input validation failures and insecure deserialization, highlighting ongoing challenges in securing decentralized applications.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34068 | nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge | nimiq-transaction | CWE-347 | 6.8 | Medium | 2026-04-22 |
| CVE-2026-34067 | nimiq-transaction vulnerable to panic via `HistoryTreeProof` length mismatch | nimiq-transaction | CWE-617 | 3.1 | Low | 2026-04-22 |
| CVE-2026-34066 | nimiq-blockchain: Peer-triggerable panic during history sync | nimiq-blockchain | CWE-20 | 5.3 | Medium | 2026-04-22 |
| CVE-2026-34065 | nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals | nimiq-primitives | CWE-252 | 7.5 | High | 2026-04-22 |
| CVE-2026-34064 | nimiq-account: Vesting insufficient funds error can panic | nimiq-account | CWE-191 | 5.3 | Medium | 2026-04-22 |
| CVE-2026-34063 | network-libp2p: Peer can crash the node by opening discovery protocol substream twice | network-libp2p | CWE-617 | 7.5 | High | 2026-04-22 |
| CVE-2026-34062 | Nimiq has Allocation of Resources Without Limits or Throttling in its libp2p request/response | network-libp2p | CWE-770 | 5.3 | Medium | 2026-04-22 |
| CVE-2026-33471 | nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation | nimiq-block | CWE-20 | 9.6 | Critical | 2026-04-22 |
| CVE-2026-34069 | nimiq-consensus panics via RequestMacroChain micro-block locator | core-rs-albatross | CWE-617 | 5.3 | Medium | 2026-04-13 |
| CVE-2026-32605 | Nimiq: Remote crash via off-by-one signer bounds check in proposal buffer | core-rs-albatross | CWE-125 | 7.5 | High | 2026-04-13 |
| CVE-2026-40093 | nimiq-blockchain is missing a wall-clock upper bound on block timestamps | core-rs-albatross | CWE-1284 | 8.1 | High | 2026-04-09 |
| CVE-2026-35468 | nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs without the history index | core-rs-albatross | CWE-252 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-33184 | nimiq/core-rs-albatross: Discovery handshake limit could underflow and later provoke a deterministic overflow panic | core-rs-albatross | CWE-191 | 7.5 | High | 2026-04-03 |
| CVE-2026-34061 | nimiq/core-rs-albatross: Macro block proposal interlink bug | core-rs-albatross | CWE-345 | 4.9 | Medium | 2026-04-03 |
| CVE-2026-28402 | nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification | core-rs-albatross | CWE-354 | 7.1 | High | 2026-02-27 |
| CVE-2025-47270 | nimiq-network-libp2p Uncontrolled Resource Consumption vulnerability | core-rs-albatross | CWE-400 | 7.5 | High | 2025-05-12 |

This page lists every published CVE security advisory associated with nimiq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.