Vendor CVEs
Vim
All CVEs
260 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6350 | Cri | 0.64 | 9.8 | 0.03 | Feb 27, 2017 | An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | ||
| CVE-2017-6349 | Cri | 0.64 | 9.8 | 0.03 | Feb 27, 2017 | An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | ||
| CVE-2017-5953 | Cri | 0.64 | 9.8 | 0.03 | Feb 10, 2017 | vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. | ||
| CVE-2026-34714 | Cri | 0.53 | 9.2 | 0.01 | Mar 30, 2026 | Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE. | ||
| CVE-2021-4019 | Hig | 0.51 | 7.8 | 0.02 | Dec 1, 2021 | vim is vulnerable to Heap-based Buffer Overflow | ||
| CVE-2017-11109 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2017 | Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. | ||
| CVE-2026-47162 | Hig | 0.50 | 8.8 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when serializing browsed directory paths to the history file… | ||
| CVE-2026-52859 | Hig | 0.46 | 8.2 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars[] array with no… | ||
| CVE-2026-34982 | Hig | 0.46 | 8.2 | 0.00 | Apr 6, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a… | ||
| CVE-2016-1248 | Hig | 0.46 | 7.8 | 0.25 | Nov 23, 2016 | vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | ||
| CVE-2026-52860 | Hig | 0.44 | 7.8 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default… | ||
| CVE-2026-52858 | Hig | 0.44 | 7.8 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and… | ||
| CVE-2026-25749 | Med | 0.43 | 6.6 | 0.00 | Feb 6, 2026 | Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When… | ||
| CVE-2026-45130 | Med | 0.36 | 6.6 | 0.00 | May 8, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound… | ||
| CVE-2026-41411 | Med | 0.36 | 6.6 | 0.01 | Apr 24, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and… | ||
| CVE-2017-17087 | Med | 0.36 | 5.5 | 0.00 | Dec 1, 2017 | fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership,… | ||
| CVE-2017-1000382 | Med | 0.36 | 5.5 | 0.00 | Oct 31, 2017 | VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. | ||
| CVE-2025-9390 | Med | 0.34 | 5.3 | 0.00 | Aug 24, 2025 | A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the… | ||
| CVE-2026-47167 | Med | 0.27 | 5.3 | 0.00 | Jun 11, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under… | ||
| CVE-2026-44656 | Med | 0.27 | 5.3 | 0.01 | May 8, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name… | ||
| CVE-2026-35177 | Med | 0.27 | 4.1 | 0.00 | Apr 6, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed… | ||
| CVE-2026-39881 | Med | 0.26 | 5.0 | 0.01 | Apr 8, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and… | ||
| CVE-2026-42307 | Med | 0.22 | 4.4 | 0.01 | May 8, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker… | ||
| CVE-2024-43802 | Med | 0.22 | 4.5 | 0.00 | Aug 26, 2024 | Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off… | ||
| CVE-2024-43374 | Med | 0.22 | 4.5 | 0.00 | Aug 16, 2024 | The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it… | ||
| CVE-2025-9389 | Low | 0.21 | 3.3 | 0.00 | Aug 24, 2025 | A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be… | ||
| CVE-2025-53906 | Med | 0.20 | 4.1 | 0.01 | Jul 15, 2025 | Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction.… | ||
| CVE-2025-22134 | Med | 0.20 | 4.2 | 0.00 | Jan 13, 2025 | When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will… | ||
| CVE-2026-46483 | Low | 0.16 | 3.6 | 0.01 | May 15, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using… | ||
| CVE-2019-12735 | 0.05 | — | 0.19 | Jun 5, 2019 | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. | |||
| CVE-2008-3076 | 0.04 | — | 0.09 | Feb 21, 2009 | The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test… | |||
| CVE-2008-3432 | 0.04 | — | 0.09 | Oct 10, 2008 | Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. | |||
| CVE-2008-4101 | 0.04 | — | 0.09 | Sep 18, 2008 | Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by… | |||
| CVE-2008-2712 | 0.04 | — | 0.15 | Jun 16, 2008 | Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and… | |||
| CVE-2001-0409 | 0.03 | — | 0.01 | Jun 18, 2001 | vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. | |||
| CVE-2025-27423 | 0.02 | — | 0.21 | Mar 3, 2025 | Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor… | |||
| CVE-2022-0572 | 0.02 | — | 0.27 | Feb 13, 2022 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||
| CVE-2022-0714 | 0.01 | — | 0.13 | Feb 22, 2022 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. | |||
| CVE-2010-3914 | 0.01 | — | 0.09 | Nov 3, 2010 | Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL… | |||
| CVE-2026-57456 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of… | |||
| CVE-2026-57451 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that… | |||
| CVE-2026-55895 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from… | |||
| CVE-2026-55693 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure… | |||
| CVE-2026-57455 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index… | |||
| CVE-2026-55892 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure… | |||
| CVE-2026-57452 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned… | |||
| CVE-2026-57454 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a… | |||
| CVE-2026-57453 | 0.00 | — | 0.00 | Jun 26, 2026 | Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry… | |||
| CVE-2026-33412 | 0.00 | — | 0.01 | Mar 24, 2026 | Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary… | |||
| CVE-2026-32249 | 0.00 | — | 0.00 | Mar 12, 2026 | Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that… |
- risk 0.64cvss 9.8epss 0.03
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
- risk 0.64cvss 9.8epss 0.03
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
- risk 0.64cvss 9.8epss 0.03
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
- risk 0.53cvss 9.2epss 0.01
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
- risk 0.51cvss 7.8epss 0.02
vim is vulnerable to Heap-based Buffer Overflow
- risk 0.51cvss 7.8epss 0.01
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.
- risk 0.50cvss 8.8epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when serializing browsed directory paths to the history file…
- risk 0.46cvss 8.2epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars[] array with no…
- risk 0.46cvss 8.2epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a…
- risk 0.46cvss 7.8epss 0.25
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
- risk 0.44cvss 7.8epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default…
- risk 0.44cvss 7.8epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and…
- risk 0.43cvss 6.6epss 0.00
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When…
- risk 0.36cvss 6.6epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound…
- risk 0.36cvss 6.6epss 0.01
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and…
- risk 0.36cvss 5.5epss 0.00
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership,…
- risk 0.36cvss 5.5epss 0.00
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
- risk 0.34cvss 5.3epss 0.00
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the…
- risk 0.27cvss 5.3epss 0.00
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under…
- risk 0.27cvss 5.3epss 0.01
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name…
- risk 0.27cvss 4.1epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed…
- risk 0.26cvss 5.0epss 0.01
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and…
- risk 0.22cvss 4.4epss 0.01
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker…
- risk 0.22cvss 4.5epss 0.00
Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off…
- risk 0.22cvss 4.5epss 0.00
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be…
- risk 0.20cvss 4.1epss 0.01
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction.…
- risk 0.20cvss 4.2epss 0.00
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will…
- risk 0.16cvss 3.6epss 0.01
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using…
- CVE-2019-12735Jun 5, 2019risk 0.05cvss —epss 0.19
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
- CVE-2008-3076Feb 21, 2009risk 0.04cvss —epss 0.09
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test…
- CVE-2008-3432Oct 10, 2008risk 0.04cvss —epss 0.09
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
- CVE-2008-4101Sep 18, 2008risk 0.04cvss —epss 0.09
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by…
- CVE-2008-2712Jun 16, 2008risk 0.04cvss —epss 0.15
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and…
- CVE-2001-0409Jun 18, 2001risk 0.03cvss —epss 0.01
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
- CVE-2025-27423Mar 3, 2025risk 0.02cvss —epss 0.21
Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor…
- CVE-2022-0572Feb 13, 2022risk 0.02cvss —epss 0.27
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-0714Feb 22, 2022risk 0.01cvss —epss 0.13
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
- CVE-2010-3914Nov 3, 2010risk 0.01cvss —epss 0.09
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL…
- CVE-2026-57456Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of…
- CVE-2026-57451Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that…
- CVE-2026-55895Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from…
- CVE-2026-55693Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure…
- CVE-2026-57455Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index…
- CVE-2026-55892Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure…
- CVE-2026-57452Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned…
- CVE-2026-57454Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a…
- CVE-2026-57453Jun 26, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry…
- CVE-2026-33412Mar 24, 2026risk 0.00cvss —epss 0.01
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary…
- CVE-2026-32249Mar 12, 2026risk 0.00cvss —epss 0.00
Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that…
Page 1 of 6