Every CVE whose affected-product data names Nim-lang Nim, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2020-15690 — CVSS 9.8 (critical): In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
CVE-2020-15692 — CVSS 9.8 (critical): In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file…
CVE-2021-21372 — CVSS 8.3 (high): Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used…
CVE-2021-21374 — CVSS 8.1 (high): Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh"…
CVE-2020-15694 — CVSS 7.5 (high): In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength()…
CVE-2021-21373 — CVSS 7.5 (high): Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh"…
CVE-2020-15693 — CVSS 6.5 (medium): In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the…
CVE-2021-46872 — CVSS 6.1 (medium): An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the…
CVE-2021-29495 — CVSS 5.9 (medium): Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate…