Vim

All CVEs

260 total · sorted by risk
  • CVE-2017-6350 · Critical · Feb 27, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

  • CVE-2017-6349 · Critical · Feb 27, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

  • CVE-2017-5953 · Critical · Feb 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

  • CVE-2026-34714 · Critical · Mar 30, 2026
    risk 0.53 · cvss 9.2 · epss 0.01

    Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

  • CVE-2021-4019 · High · Dec 1, 2021
    risk 0.51 · cvss 7.8 · epss 0.02

    vim is vulnerable to Heap-based Buffer Overflow

  • CVE-2017-11109 · High · Jul 8, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.

  • CVE-2026-47162 · High · Jun 11, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when serializing browsed directory paths to the history file…

  • CVE-2026-52859 · High · Jun 11, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars[] array with no…

  • CVE-2026-34982 · High · Apr 6, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a…

  • CVE-2016-1248 · High · Nov 23, 2016
    risk 0.46 · cvss 7.8 · epss 0.25

    vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

  • CVE-2026-52860 · High · Jun 11, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default…

  • CVE-2026-52858 · High · Jun 11, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and…

  • CVE-2026-25749 · Medium · Feb 6, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When…

  • CVE-2026-45130 · Medium · May 8, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound…

  • CVE-2026-41411 · Medium · Apr 24, 2026
    risk 0.36 · cvss 6.6 · epss 0.01

    Vim is an open source, command line text editor. Prior to 9.2.0357, a command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and…

  • CVE-2017-17087 · Medium · Dec 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership,…

  • CVE-2017-1000382 · Medium · Oct 31, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.

  • CVE-2025-9390 · Medium · Aug 24, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the…

  • CVE-2026-47167 · Medium · Jun 11, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under…

  • CVE-2026-44656 · Medium · May 8, 2026
    risk 0.27 · cvss 5.3 · epss 0.01

    Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name…

  • CVE-2026-35177 · Medium · Apr 6, 2026
    risk 0.27 · cvss 4.1 · epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed…

  • CVE-2026-39881 · Medium · Apr 8, 2026
    risk 0.26 · cvss 5.0 · epss 0.01

    Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and…

  • CVE-2026-42307 · Medium · May 8, 2026
    risk 0.22 · cvss 4.4 · epss 0.01

    Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker…

  • CVE-2024-43802 · Medium · Aug 26, 2024
    risk 0.22 · cvss 4.5 · epss 0.00

    Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off…

  • CVE-2024-43374 · Medium · Aug 16, 2024
    risk 0.22 · cvss 4.5 · epss 0.00

    The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it…

  • CVE-2025-9389 · Low · Aug 24, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be…

  • CVE-2025-53906 · Medium · Jul 15, 2025
    risk 0.20 · cvss 4.1 · epss 0.01

    Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction.…

  • CVE-2025-22134 · Medium · Jan 13, 2025
    risk 0.20 · cvss 4.2 · epss 0.00

    When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will…

  • CVE-2026-46483 · Low · May 15, 2026
    risk 0.16 · cvss 3.6 · epss 0.01

    Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using…

  • CVE-2019-12735 · Jun 5, 2019
    risk 0.05 · cvss n/a · epss 0.19

    getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

  • CVE-2008-3076 · Feb 21, 2009
    risk 0.04 · cvss n/a · epss 0.09

    The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test…

  • CVE-2008-3432 · Oct 10, 2008
    risk 0.04 · cvss n/a · epss 0.09

    Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

  • CVE-2008-4101 · Sep 18, 2008
    risk 0.04 · cvss n/a · epss 0.09

    Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by…

  • CVE-2008-2712 · Jun 16, 2008
    risk 0.04 · cvss n/a · epss 0.15

    Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and…

  • CVE-2001-0409 · Jun 18, 2001
    risk 0.03 · cvss n/a · epss 0.01

    vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.

  • CVE-2025-27423 · Mar 3, 2025
    risk 0.02 · cvss n/a · epss 0.21

    Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor…

  • CVE-2022-0572 · Feb 13, 2022
    risk 0.02 · cvss n/a · epss 0.27

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

  • CVE-2022-0714 · Feb 22, 2022
    risk 0.01 · cvss n/a · epss 0.13

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.

  • CVE-2010-3914 · Nov 3, 2010
    risk 0.01 · cvss n/a · epss 0.09

    Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL…

  • CVE-2026-57456 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of…

  • CVE-2026-57451 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that…

  • CVE-2026-55895 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from…

  • CVE-2026-55693 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure…

  • CVE-2026-57455 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index…

  • CVE-2026-55892 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure…

  • CVE-2026-57452 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned…

  • CVE-2026-57454 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a…

  • CVE-2026-57453 · Jun 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry…

  • CVE-2026-33412 · Mar 24, 2026
    risk 0.00 · cvss n/a · epss 0.01

    Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary…

  • CVE-2026-32249 · Mar 12, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that…

Page 1 of 6