VYPR

Vim

by Vim

CVEs (257)

  • CVE-2026-55693 (Jun 26, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure…

  • CVE-2026-57455 (Jun 26, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index…

  • CVE-2026-55892 (Jun 26, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure…

  • CVE-2026-57452 (Jun 26, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned…

  • CVE-2026-57454 (Jun 26, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a…

  • CVE-2026-57453 (Jun 26, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry…

  • CVE-2026-33412 (Mar 24, 2026)
    risk 0.00 | cvss | epss 0.01

    Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary…

  • CVE-2026-32249 (Mar 12, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that…

  • CVE-2026-28422 (Feb 27, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

  • CVE-2026-28421 (Feb 27, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. In versions prior to 9.2.0077, a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version…

  • CVE-2026-28420 (Feb 27, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the…

  • CVE-2026-28419 (Feb 27, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory…

  • CVE-2026-28418 (Feb 27, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the…

  • CVE-2026-28417 (Feb 27, 2026)
    risk 0.00 | cvss | epss 0.01

    Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute…

  • CVE-2026-26269 (Feb 13, 2026)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The stack buffer overflow exists…

  • CVE-2025-66476 (Dec 2, 2025)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a…

  • CVE-2025-55157 (Aug 11, 2025)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref()…

  • CVE-2025-55158 (Aug 11, 2025)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management.…

  • CVE-2025-53905 (Jul 15, 2025)
    risk 0.00 | cvss | epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction.…

  • CVE-2025-29768 (Mar 13, 2025)
    risk 0.00 | cvss | epss 0.00

    Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been…

Page 3 of 13