Vim — Vulnerabilities & Security Advisories (200)

Browse all 200 CVE security advisories affecting Vim. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vim is a widely used, open-source text editor primarily designed for efficient code editing and system administration tasks across Unix-like operating systems. Despite its utility, the software has accumulated approximately 200 Common Vulnerabilities and Exposures (CVEs), reflecting its complex codebase and long history. Historically, these security flaws have predominantly involved remote code execution (RCE) and buffer overflow vulnerabilities, often triggered by malformed files or specific command-line arguments. While cross-site scripting is irrelevant to its terminal-based nature, privilege escalation risks have occasionally arisen through improper file permission handling or setuid configurations. Notable incidents include critical RCE flaws in the ex command interpreter and memory corruption issues within the clipboard handling subsystem. These vulnerabilities underscore the importance of keeping the editor updated, as attackers frequently exploit parsing errors to gain unauthorized system access or execute arbitrary code within the user’s environment.

Top products by Vim: vim/vim, vim
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-41411 | Vim: Command injection via backtick expansion in tag filenames — vim CWE-78 | 6.6 | Medium | 2026-04-24 |
| CVE-2026-39881 | Vim Ex command injection in Vims NetBeans integration — vim CWE-94 | 5.0 | Medium | 2026-04-08 |
| CVE-2026-35177 | Path traversal issue with zip.vim in Vim — vim CWE-22 | 4.1 | Medium | 2026-04-06 |
| CVE-2026-34982 | Vim modeline bypass via various options affects Vim < 9.2.0276 — vim CWE-78 | 8.2 | High | 2026-04-06 |
| CVE-2026-34714 | Vim OS command injection vulnerability — Vim CWE-78 | 9.2 | Critical | 2026-03-30 |
| CVE-2026-33412 | Vim affected by Command injection via newline in glob() — vim CWE-78 | 5.6 | Medium | 2026-03-24 |
| CVE-2026-32249 | NFA regex engine NULL pointer dereference affects Vim < 9.2.0137 — vim CWE-476 | 5.3 | Medium | 2026-03-12 |
| CVE-2026-28422 | Vim has stack-buffer-overflow in build_stl_str_hl() — vim CWE-121 | 2.2 | Low | 2026-02-27 |
| CVE-2026-28421 | Vim has a heap-buffer-overflow and a segmentation fault — vim CWE-20 | 5.3 | Medium | 2026-02-27 |
| CVE-2026-28420 | Vim has Heap-based Buffer Overflow and OOB Read in :terminal — vim CWE-122 | 4.4 | Medium | 2026-02-27 |
| CVE-2026-28419 | Vim has Heap-based Buffer Underflow in Emacs tags parsing — vim CWE-124 | 5.3 | Medium | 2026-02-27 |
| CVE-2026-28418 | Vim has Heap-based Buffer Overflow in Emacs tags parsing — vim CWE-122 | 4.4 | Medium | 2026-02-27 |
| CVE-2026-28417 | Vim has OS Command Injection in netrw — vim CWE-86 | 4.4 | Medium | 2026-02-27 |
| CVE-2026-26269 | Vim has a Netbeans specialKeys Stack Buffer Overflow — vim CWE-121 | 5.4 | Medium | 2026-02-13 |
| CVE-2026-25749 | Heap Overflow in Vim — vim CWE-122 | 6.6 | Medium | 2026-02-06 |
| CVE-2025-66476 | Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability — vim CWE-427 | 7.8 | High | 2025-12-02 |
| CVE-2025-55157 | Vim heap use-after-free vulnerability when processing recursive tuple data types — vim CWE-416 | 8.8 (AI) | High (AI) | 2025-08-11 |
| CVE-2025-55158 | Vim double-free vulnerability during Vim9 script import operations — vim CWE-415 | 7.8 (AI) | High (AI) | 2025-08-11 |
| CVE-2025-53906 | Vim has path traversal issue with zip.vim and special crafted zip archives — vim CWE-22 | 4.1 | Medium | 2025-07-15 |
| CVE-2025-53905 | Vim has path traversial issue with tar.vim and special crafted tar files — vim CWE-22 | 4.1 | Medium | 2025-07-15 |
| CVE-2025-29768 | Vim vulnerable to potential data loss with zip.vim and special crafted zip files — vim CWE-88 | 4.4 | Medium | 2025-03-13 |
| CVE-2025-27423 | Improper Input Validation in Vim — vim CWE-77 | 7.1 | High | 2025-03-03 |
| CVE-2025-26603 | heap-use-after-free in function str_to_reg in vim/vim — vim CWE-416 | 4.2 | Medium | 2025-02-18 |
| CVE-2025-24014 | segmentation fault in win_line() in Vim < 9.1.1043 — vim CWE-787 | 4.2 | Medium | 2025-01-20 |
| CVE-2025-22134 | heap-buffer-overflow with visual mode in Vim < 9.1.1003 — vim CWE-122 | 4.2 | Medium | 2025-01-13 |
| CVE-2024-47814 | use-after-free when closing buffers in Vim — vim CWE-416 | 3.9 | Low | 2024-10-07 |
| CVE-2024-45306 | heap-buffer-overflow in Vim — vim CWE-122 | 4.5 | Medium | 2024-09-02 |
| CVE-2024-43802 | heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 — vim CWE-122 | 4.5 | Medium | 2024-08-26 |
| CVE-2024-43790 | heap-buffer-overflow in do_search() in Vim < 9.1.0689 — vim CWE-122 | 4.5 | Medium | 2024-08-22 |
| CVE-2024-43374 | Vim heap-use-after-free in src/arglist.c:207 — vim CWE-416 | 4.5 | Medium | 2024-08-15 |

This page lists every published CVE security advisory associated with Vim. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.