Vim
Products
7- 257 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
260| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6350 | Cri | 0.64 | 9.8 | 0.03 | Feb 27, 2017 | An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | ||
| CVE-2017-6349 | Cri | 0.64 | 9.8 | 0.03 | Feb 27, 2017 | An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | ||
| CVE-2017-5953 | Cri | 0.64 | 9.8 | 0.03 | Feb 10, 2017 | vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. | ||
| CVE-2026-34714 | Cri | 0.53 | 9.2 | 0.01 | Mar 30, 2026 | Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE. | ||
| CVE-2021-4019 | Hig | 0.51 | 7.8 | 0.02 | Dec 1, 2021 | vim is vulnerable to Heap-based Buffer Overflow | ||
| CVE-2017-11109 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2017 | Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. | ||
| CVE-2026-47162 | Hig | 0.50 | 8.8 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when serializing browsed directory paths to the history file… | ||
| CVE-2026-52859 | Hig | 0.46 | 8.2 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars[] array with no… | ||
| CVE-2026-34982 | Hig | 0.46 | 8.2 | 0.00 | Apr 6, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a… | ||
| CVE-2016-1248 | Hig | 0.46 | 7.8 | 0.25 | Nov 23, 2016 | vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | ||
| CVE-2026-52860 | Hig | 0.44 | 7.8 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default… | ||
| CVE-2026-52858 | Hig | 0.44 | 7.8 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and… | ||
| CVE-2026-25749 | Med | 0.43 | 6.6 | 0.00 | Feb 6, 2026 | Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When… | ||
| CVE-2026-45130 | Med | 0.36 | 6.6 | 0.00 | May 8, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound… | ||
| CVE-2026-41411 | Med | 0.36 | 6.6 | 0.01 | Apr 24, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and… | ||
| CVE-2017-17087 | Med | 0.36 | 5.5 | 0.00 | Dec 1, 2017 | fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership,… | ||
| CVE-2017-1000382 | Med | 0.36 | 5.5 | 0.00 | Oct 31, 2017 | VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. | ||
| CVE-2025-9390 | Med | 0.34 | 5.3 | 0.00 | Aug 24, 2025 | A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the… | ||
| CVE-2026-47167 | Med | 0.27 | 5.3 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under… | ||
| CVE-2026-44656 | Med | 0.27 | 5.3 | 0.01 | May 8, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name… |
- risk 0.64cvss 9.8epss 0.03
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
- risk 0.64cvss 9.8epss 0.03
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
- risk 0.64cvss 9.8epss 0.03
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
- risk 0.53cvss 9.2epss 0.01
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
- risk 0.51cvss 7.8epss 0.02
vim is vulnerable to Heap-based Buffer Overflow
- risk 0.51cvss 7.8epss 0.01
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.
- risk 0.50cvss 8.8epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when serializing browsed directory paths to the history file…
- risk 0.46cvss 8.2epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars[] array with no…
- risk 0.46cvss 8.2epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a…
- risk 0.46cvss 7.8epss 0.25
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
- risk 0.44cvss 7.8epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default…
- risk 0.44cvss 7.8epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and…
- risk 0.43cvss 6.6epss 0.00
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When…
- risk 0.36cvss 6.6epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound…
- risk 0.36cvss 6.6epss 0.01
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and…
- risk 0.36cvss 5.5epss 0.00
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership,…
- risk 0.36cvss 5.5epss 0.00
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
- risk 0.34cvss 5.3epss 0.00
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the…
- risk 0.27cvss 5.3epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under…
- risk 0.27cvss 5.3epss 0.01
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name…