vim

235 tracked vulnerabilities.

CVE-2026-46483 LOW
Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
May 15, 2026
CVSS 3.6
EPSS 0.00
CVE-2026-45130 MEDIUM
Vim: Heap Buffer Overflow in spell file loading
May 08, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-44656 MEDIUM
Vim path Completion - OS Command Injection
May 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-42307 MEDIUM
Vim netrw - OS Command Injection
May 08, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-41411 MEDIUM
Vim < 9.2.0357 - OS Command Injection via Tag File Processing
Apr 24, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-39881 MEDIUM
Vim Ex command injection in Vims NetBeans integration
Apr 08, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-35177 MEDIUM
Vim < 9.2.0280 zip.vim - Path Traversal Arbitrary File Overwrite
Apr 06, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-34982 HIGH
Vim modeline bypass via various options affects Vim < 9.2.0276
Apr 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-34714 CRITICAL
Vim < 9.2.0272 - Remote Code Execution via %{expr} Injection in Tabpanel
Mar 30, 2026
CVSS 9.2
EPSS 0.00
CVE-2026-33412 MEDIUM
Vim affected by Command injection via newline in glob()
Mar 24, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-32249 MEDIUM
Vim 9.1.0011-9.2.0137 - Memory Corruption
Mar 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28422 LOW
vim < 9.2.0078 - Stack-based Buffer Overflow in Statusline Rendering
Feb 27, 2026
CVSS 2.2
EPSS 0.00
CVE-2026-28421 MEDIUM
Vim < 9.2.0077 - Heap Buffer Overflow and Denial of Service via Swap File Recovery
Feb 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28420 MEDIUM
Vim < 9.2.0076 - Heap-based Buffer Overflow in Terminal Emulator
Feb 27, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-28419 MEDIUM
vim < 9.2.0075 - Heap-Based Buffer Underflow in Emacs-Style Tags File Parser
Feb 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28418 MEDIUM
Vim < 9.2.0074 - Heap-based Buffer Overflow in Emacs-style Tags File Parser
Feb 27, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-28417 MEDIUM
Vim < 9.2.0073 - OS Command Injection via netrw Plugin SCP URL Handler
Feb 27, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-26269 MEDIUM
Vim < 9.1.2148 - Stack-based Buffer Overflow in NetBeans Special Keys Processing
Feb 13, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-25749 MEDIUM
Vim < 9.1.2132 - Heap-based Buffer Overflow in Tag File Resolution
Feb 06, 2026
CVSS 6.6
EPSS 0.00
CVE-2025-66476 HIGH
Vim < 9.1.1947 - Uncontrolled Search Path Element on Windows via Current Working Directory
Dec 02, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-9390 MEDIUM
vim 9.1.1459-9.1.1615 - Buffer Overflow in xxd
Aug 24, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-9389 LOW
vim 9.1.0000 - Memory Corruption in __memmove_avx_unaligned_erms
Aug 24, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-55158 HIGH
vim 9.1.1231-9.1.1406 - Double Free in Vim9 Script Import Typed Value Handling
Aug 11, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-55157 HIGH
Vim 9.1.1231-9.1.1400 - Use-After-Free in Tuple Reference Management
Aug 11, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-53906 MEDIUM
Vim < 9.1.1551 - Path Traversal and Arbitrary File Write via Zip Archive Processing
Jul 15, 2025
CVSS 4.1
EPSS 0.00
Products
vim 232 gvim 2 Vim 1 netrw 1 tar.vim 1 zipplugin.vim 1
Quick Filters
Critical CVEs With Exploits In CISA KEV