Vim
by Vim
Source repositories
CVEs (257)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35177 | Vim / Vim | Med | 0.27 | 4.1 | 0.00 | — | Apr 6, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed… |
| CVE-2026-39881 | Vim / Vim | Med | 0.26 | 5.0 | 0.01 | — | Apr 8, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and… |
| CVE-2026-42307 | Vim / Vim | Med | 0.22 | 4.4 | 0.01 | — | May 8, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker… |
| CVE-2024-43802 | Vim / Vim | Med | 0.22 | 4.5 | 0.00 | — | Aug 26, 2024 | Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off… |
| CVE-2024-43374 | Vim / Vim | Med | 0.22 | 4.5 | 0.00 | — | Aug 16, 2024 | The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it… |
| CVE-2025-9389 | Vim / Vim | Low | 0.21 | 3.3 | 0.00 | — | Aug 24, 2025 | A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be… |
| CVE-2025-53906 | Vim / Vim | Med | 0.20 | 4.1 | 0.01 | — | Jul 15, 2025 | Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction.… |
| CVE-2025-22134 | Vim / Vim | Med | 0.20 | 4.2 | 0.00 | — | Jan 13, 2025 | When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will… |
| CVE-2026-46483 | Vim / Vim | Low | 0.16 | 3.6 | 0.01 | — | May 15, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using… |
| CVE-2019-12735 | Vim / Vim | — | 0.05 | — | 0.19 | — | Jun 5, 2019 | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. |
| CVE-2008-3076 | Vim / Vim | — | 0.04 | — | 0.09 | — | Feb 21, 2009 | The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test… |
| CVE-2008-3432 | Vim / Vim | — | 0.04 | — | 0.09 | — | Oct 10, 2008 | Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. |
| CVE-2008-4101 | Vim / Vim | — | 0.04 | — | 0.09 | — | Sep 18, 2008 | Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by… |
| CVE-2008-2712 | Vim / Vim | — | 0.04 | — | 0.15 | — | Jun 16, 2008 | Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and… |
| CVE-2001-0409 | Vim / Vim | — | 0.03 | — | 0.01 | — | Jun 18, 2001 | vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. |
| CVE-2025-27423 | Vim / Vim | — | 0.02 | — | 0.21 | — | Mar 3, 2025 | Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor… |
| CVE-2022-0572 | Vim / Vim | — | 0.02 | — | 0.27 | — | Feb 13, 2022 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| CVE-2022-0714 | Vim / Vim | — | 0.01 | — | 0.13 | — | Feb 22, 2022 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. |
| CVE-2026-57456 | Vim / Vim | — | 0.00 | — | 0.00 | — | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of… |
| CVE-2026-57451 | Vim / Vim | — | 0.00 | — | 0.00 | — | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that… |