nimiq — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting nimiq. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nimiq is a blockchain platform focused on enabling peer-to-peer transactions without centralized infrastructure. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 16 recorded CVEs. The platform's security characteristics include its lightweight JavaScript-based implementation, though this has also introduced attack surfaces. Notable incidents include multiple RCE vulnerabilities in its node software that allowed attackers to execute arbitrary code, and XSS issues in its web wallet components. These vulnerabilities have primarily stemmed from input validation failures and insecure deserialization, highlighting ongoing challenges in securing decentralized applications.

High · 2026-04-23
Fix crash on duplicate discovery substream · nimiq/core-rs-albatross@e0d4e01 · GitHub
High · 2026-04-23
Fix request/response codec reading entire stream before size validation · nimiq/core-rs-albatross@c021a53 · GitHub
High · 2026-04-23
Fix peer-triggerable panic during history sync · nimiq/core-rs-albatross@6f55113 · GitHub
High · 2026-04-23
Fix crash via invalid election macro block validators voting key · nimiq/core-rs-albatross@e10eaeb · GitHub
Critical · 2026-04-23
Fix underflow panic in vesting and HTLC insufficient funds error path · nimiq/core-rs-albatross@4d01946 · GitHub
High · 2026-04-23
Fix crash via invalid election macro block validators voting key by jsdanielh · Pull Request #3662 · nimiq/core-rs-albat
High · CVE-2025-34063 · 2026-04-23
Peer can crash the node by opening discovery protocol substream twice · Advisory · nimiq/core-rs-albatross · GitHub
Critical · 2026-04-23
Fix missing proof-of-knowledge validation on voting key update by jsdanielh · Pull Request #3654 · nimiq/core-rs-albatro
Medium · 2026-04-23
Fix panic on HistoryTreeProof length mismatch · nimiq/core-rs-albatross@6ff0800 · GitHub
Critical · 2026-04-23
Fix missing proof-of-knowledge validation on voting key update · nimiq/core-rs-albatross@e7f0ab7 · GitHub
Medium · CVE-2020-14066 · 2026-04-23
Peer-triggerable panic during history sync · Advisory · nimiq/core-rs-albatross · GitHub
Low · CVE-2026-34507 · 2026-04-23
Panic via `HistoryTreeProof` length mismatch · Advisory · nimiq/core-rs-albatross · GitHub
Critical · 2026-04-23
Fix quorum bypass via out-of-range BitSet signer indices · nimiq/core-rs-albatross@d020590 · GitHub
Critical · GHSA-6973-8887-87ff · 2026-04-23
skip block quorum bypass via out-of-range BitSet indices + u16 truncation · Advisory · nimiq/core-rs-albatross · GitHub
High · CVE-2024-10838 · 2026-04-18
Fix panic in RequestMacroChain with micro block locator · nimiq/core-rs-albatross@ae6c1e9 · GitHub
High · 2026-04-18
Fix off-by-one in proposal buffer signer bounds check · nimiq/core-rs-albatross@9199364 · GitHub
Unknown · 2026-04-04
Fix discovery handler underflow when peer sends limit=0 by jsdanielh · Pull Request #3664 · nimiq/core-rs-albatross · Gi
Unknown · 2026-04-04
Fix discovery handler underflow when peer sends limit=0 · nimiq/core-rs-albatross@8f60a2d · GitHub
High · CVE-2020-33184 · 2026-04-04
Discovery handshake limit could underflow and later provoke a deterministic overflow panic · Advisory · nimiq/core-rs-al

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with nimiq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.