
vim

243 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-45130
< 9.2.0450
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in sr
6.6MEDIUM
CVE-2026-44656
< 9.2.0435
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's
5.3MEDIUM
CVE-2026-42307
< 9.2.0383
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the ne
4.4MEDIUM
CVE-2026-41411
< 9.2.0357
Vim is an open source, command line text editor. Prior to 9.2.0357, a command injection vulnerability exists in Vim's tag file pro
6.6MEDIUM
CVE-2026-39881
< 9.2.0316
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface
5.0MEDIUM
CVE-2026-35177
< 9.2.0280
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwri
4.1MEDIUM
CVE-2026-34982
< 9.2.0276
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS c
8.2HIGH
CVE-2026-34714
< 9.2.0272
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, becau
9.2CRITICAL
CVE-2026-33412
< 9.2.0202
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob
5.6MEDIUM
CVE-2026-32249
>= 9.1.0011 and < 9.1.0137
Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a c
5.3MEDIUM
CVE-2026-28422
< 9.2.0078
Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl()
2.2LOW
CVE-2026-28421
< 9.2.0077
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (
5.3MEDIUM
CVE-2026-28420
< 9.2.0076
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bound
4.4MEDIUM
CVE-2026-28419
< 9.2.0075
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-st
5.3MEDIUM
CVE-2026-28418
< 9.2.0074
Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists
4.4MEDIUM
CVE-2026-28417
< 9.2.0073
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `n
4.4MEDIUM
CVE-2026-26269
< 9.1.2148
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans
5.4MEDIUM
CVE-2026-25749
< 9.1.2132
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's t
6.6MEDIUM
CVE-2025-66476
< 9.1.1947
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows a
7.8HIGH
CVE-2025-9390
>= 9.1.1459 and < 9.1.1616
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd
5.3MEDIUM
CVE-2025-9389
all versions
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unal
3.3LOW
CVE-2025-55158
>= 9.1.1231 and < 9.1.1406
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples durin
8.8HIGH
CVE-2025-55157
>= 9.1.1231 and < 9.1.1400
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in Vi
8.8HIGH
CVE-2025-53906
< 9.1.1551
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can a
4.1MEDIUM
CVE-2025-53905
< 9.1.1552
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can a
4.1MEDIUM
CVE-2025-29768
< 9.1.1198
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198.
4.4MEDIUM
CVE-2025-27423
>= 9.1.0858 and < 9.1.1164
Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing
7.1HIGH
CVE-2025-26603
< 9.1.1115
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the :redir ex com
4.2MEDIUM
CVE-2025-1215
< 9.1.1097
A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src
2.8LOW
CVE-2025-24014
< 9.1.1043
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e),
4.2MEDIUM
CVE-2025-22134
<= 9.1.1003
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow,
4.2MEDIUM
CVE-2024-47814
< 9.1.0764
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a
3.9LOW
CVE-2024-45306
>= 9.1.0038 and < 9.1.0707
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loo
4.5MEDIUM
CVE-2024-43790
>= 9.1.0425 and < 9.1.0689
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set
4.5MEDIUM
CVE-2024-43374
< 9.1.0678
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the
4.5MEDIUM
CVE-2024-41965
< 9.1.0648
Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim
4.2MEDIUM
CVE-2024-41957
< 9.1.0647
Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the cor
4.5MEDIUM
CVE-2024-22667
< 9.0.2142
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer
7.8HIGH
CVE-2023-48706
< 9.0.2121
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for t
3.6LOW
CVE-2023-48237
< 9.0.2112
Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very
2.8LOW
CVE-2023-48236
< 9.0.2111
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than
2.8LOW
CVE-2023-48235
< 9.0.2110
Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Iron
2.8LOW
CVE-2023-48234
< 9.0.2109
Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large coun
2.8LOW
CVE-2023-48233
< 9.0.2108
Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long va
2.8LOW
CVE-2023-48232
< 9.0.2107
Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong
3.9LOW
CVE-2023-48231
< 9.0.2106
Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Explo
3.9LOW
CVE-2023-46246
< 9.0.2068
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function ga_grow_inner
4.0MEDIUM
CVE-2023-5535
< 9.0.2010
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
7.8HIGH
CVE-2023-5441
< 9.0.1994
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
5.5MEDIUM
CVE-2023-5344
< 9.0.1969
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
7.5HIGH
CVE-2023-4781
< 9.0.1873
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
7.8HIGH
CVE-2023-4752
< 9.0.1858
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
7.8HIGH
CVE-2023-4750
< 9.0.1857
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
7.8HIGH
CVE-2023-4733
< 9.0.1840
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
7.8HIGH
CVE-2023-4751
< 9.0.1331
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
7.8HIGH
CVE-2023-4738
< 9.0.1848
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
7.8HIGH
CVE-2023-4736
< 9.0.1833
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
7.8HIGH
CVE-2023-4735
< 9.0.1847
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
7.8HIGH
CVE-2023-4734
< 9.0.1846
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
7.8HIGH
CVE-2021-3236
all versions
vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_
5.5MEDIUM
CVE-2023-3896
all versions
Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3
7.8HIGH
CVE-2020-20703
all versions
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.
9.8CRITICAL
CVE-2023-2610
< 9.0.1532
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
7.8HIGH
CVE-2023-2609
< 9.0.1531
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
5.5MEDIUM
CVE-2023-2426
< 9.0.1499
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
5.5MEDIUM
CVE-2023-1355
< 9.0.1402
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.
5.5MEDIUM
CVE-2023-1264
< 9.0.1392
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
5.5MEDIUM
CVE-2023-1175
< 9.0.1378
Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
6.6MEDIUM
CVE-2023-1170
< 9.0.1376
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
6.6MEDIUM
CVE-2023-1127
< 9.0.1367
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
7.8HIGH
CVE-2023-0512
< 9.0.1247
Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.
7.8HIGH
CVE-2023-0433
< 9.0.1225
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
7.8HIGH
CVE-2022-47024
>= 8.1.2269 and <= 9.0.0339
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339
7.8HIGH
CVE-2023-0288
< 9.0.1189
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
7.8HIGH
CVE-2023-0054
< 9.0.1145
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
7.8HIGH
CVE-2023-0051
< 9.0.1144
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
7.8HIGH
CVE-2023-0049
< 9.0.1143
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
7.8HIGH
CVE-2022-4293
< 9.0.0804
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
5.5MEDIUM
CVE-2022-4292
< 9.0.0882
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
7.8HIGH
CVE-2022-3491
< 9.0.0742
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
7.8HIGH
CVE-2022-3520
< 9.0.0765
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
9.8CRITICAL
CVE-2022-3591
< 9.0.0789
Use After Free in GitHub repository vim/vim prior to 9.0.0789.
7.8HIGH
CVE-2022-4141
<= 9.0.0946
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of
7.8HIGH
CVE-2022-3705
< 9.0.0805
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the fil
5.0MEDIUM
CVE-2022-3352
< 9.0.0614
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
7.8HIGH
CVE-2022-1725
< 8.2.4959
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
5.5MEDIUM
CVE-2022-3324
< 9.0.0598
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
7.8HIGH
CVE-2022-3297
< 9.0.0579
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
7.8HIGH
CVE-2022-3296
< 9.0.0577
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
7.8HIGH
CVE-2022-3278
< 9.0.0552
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
5.5MEDIUM
CVE-2022-3256
< 9.0.0530
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
7.8HIGH
CVE-2022-3235
< 9.0.0490
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
7.8HIGH
CVE-2022-3234
< 9.0.0483
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
7.8HIGH
CVE-2022-3153
< 9.0.0404
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
5.5MEDIUM
CVE-2022-3134
< 9.0.0389
Use After Free in GitHub repository vim/vim prior to 9.0.0389.
7.8HIGH
CVE-2022-3099
< 9.0.0360
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
7.8HIGH
CVE-2022-3037
< 9.0.0322
Use After Free in GitHub repository vim/vim prior to 9.0.0322.
7.8HIGH
CVE-2022-37173
all versions
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack
7.8HIGH
CVE-2022-3016
< 9.0.0286
Use After Free in GitHub repository vim/vim prior to 9.0.0286.
7.8HIGH
CVE-2022-2982
< 9.0.0260
Use After Free in GitHub repository vim/vim prior to 9.0.0260.
7.8HIGH
CVE-2022-2980
< 9.0.0259
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
5.5MEDIUM
CVE-2022-2946
< 9.0.0246
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
7.8HIGH
CVE-2022-2923
< 9.0.0240
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
5.5MEDIUM
CVE-2022-2889
< 9.0.0225
Use After Free in GitHub repository vim/vim prior to 9.0.0225.
7.8HIGH
CVE-2022-2874
< 9.0.0224
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
5.5MEDIUM
CVE-2022-2862
< 9.0.0221
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
7.8HIGH
CVE-2022-2849
< 9.0.0220
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
7.8HIGH
CVE-2022-2845
< 9.0.0218
Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
7.8HIGH
CVE-2022-2817
< 9.0.0213
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
7.8HIGH
CVE-2022-2816
< 9.0.0212
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
7.8HIGH
CVE-2022-2819
< 9.0.0211
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
7.8HIGH
CVE-2022-2598
< 9.0.0100
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
6.5MEDIUM
CVE-2022-2581
< 9.0.0104
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
7.8HIGH
CVE-2022-2580
< 9.0.0102
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
7.8HIGH
CVE-2022-2571
< 9.0.0101
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
7.8HIGH
CVE-2022-2522
< 9.0.0061
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
7.8HIGH
CVE-2022-2345
< 9.0.0046
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
7.8HIGH
CVE-2022-2344
< 9.0.0045
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
7.8HIGH
CVE-2022-2343
< 9.0.0044
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
7.8HIGH
CVE-2022-2304
< 9.0.0035
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8HIGH
CVE-2022-2289
< 9.0.0026
Use After Free in GitHub repository vim/vim prior to 9.0.
7.8HIGH
CVE-2022-2288
< 9.0.0025
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
7.8HIGH
CVE-2022-2287
< 9.0.0021
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.1HIGH
CVE-2022-2286
< 9.0.0020
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8HIGH
CVE-2022-2285
< 9.0.0018
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
7.8HIGH
CVE-2022-2284
< 9.0.0017
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8HIGH
CVE-2022-2264
< 9.0.0011
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8HIGH
CVE-2022-2257
< 9.0.0009
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8HIGH
CVE-2022-2231
< 8.2.5169
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
5.5MEDIUM
CVE-2022-2210
< 8.2.5164
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2208
< 8.2.5163
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
5.5MEDIUM
CVE-2022-2207
< 8.2.5162
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2206
< 8.2.5160
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2183
< 8.2.5151
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2182
< 8.2.5150
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2175
< 8.2.5148
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1720
< 8.2.4956
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crash
7.8HIGH
CVE-2022-2129
< 8.2.5126
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2126
< 8.2.5123
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2125
< 8.2.5122
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2124
< 8.2.5120
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2042
< 8.2.5072
Use After Free in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-2000
< 8.2.5063
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1968
< 8.2.5050
Use After Free in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1942
< 8.2.5043
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1927
< 8.2.5037
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1897
< 8.0.5023
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1898
< 8.2.5024
Use After Free in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1886
< 8.2.5016
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1851
< 8.2.5013
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-1796
< 8.2.4979
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
7.8HIGH
CVE-2022-1785
< 8.2.4977
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
7.8HIGH
CVE-2022-1771
< 8.2.4975
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
5.5MEDIUM
CVE-2022-1735
< 8.2.4969
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
7.8HIGH
CVE-2022-1769
< 8.2.4974
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
7.8HIGH
CVE-2022-1733
< 8.2.4968
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
7.8HIGH
CVE-2022-1674
< 8.2.4938
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Poin
5.5MEDIUM
CVE-2022-1629
< 8.2.4925
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of c
7.8HIGH
CVE-2022-1621
< 8.2.4919
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of cra
7.8HIGH
CVE-2022-1620
< 8.2.4901
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Poin
7.5HIGH
CVE-2022-1619
< 8.2.4899
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities ar
7.8HIGH
CVE-2022-1616
< 8.2.4895
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing softwar
7.8HIGH
CVE-2022-1420
< 8.2.4774
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
5.5MEDIUM
CVE-2022-1381
< 8.2.4763
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashin
7.8HIGH
CVE-2022-1160
< 8.2.4647
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
7.8HIGH
CVE-2022-1154
< 8.2.4646
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
7.8HIGH
CVE-2022-0943
< 8.2.4563
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
7.8HIGH
CVE-2022-0729
< 8.2.4440
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
8.8HIGH
CVE-2022-0714
<= 8.2.4436
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
5.5MEDIUM
CVE-2022-0696
< 8.2.4428
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
5.5MEDIUM
CVE-2022-0685
< 8.2.4418
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
7.8HIGH
CVE-2022-0629
< 8.2.4397
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0572
< 8.2.4359
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0554
< 8.2.4327
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0443
< 8.2.4281
Use After Free in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0417
< 8.2.4245
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0413
< 8.2.4253
Use After Free in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0408
< 8.2.4247
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0407
< 8.2.4219
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0393
< 8.2.4233
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.1HIGH
CVE-2022-0392
< 8.2.4218
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
7.8HIGH
CVE-2022-0368
< 8.2.4217
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0361
< 8.2.4215
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0359
< 8.2.4214
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0351
< 8.2
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0319
< 8.2.4154
Out-of-bounds Read in vim/vim prior to 8.2.
5.5MEDIUM
CVE-2022-0318
< 8.2.4151
Heap-based Buffer Overflow in vim/vim prior to 8.2.
9.8CRITICAL
CVE-2022-0261
< 8.2.4120
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8HIGH
CVE-2022-0213
< 8.2
vim is vulnerable to Heap-based Buffer Overflow
6.6MEDIUM
CVE-2022-0158
< 8.2.4049
vim is vulnerable to Heap-based Buffer Overflow
3.3LOW
CVE-2022-0156
< 8.2.4040
vim is vulnerable to Use After Free
5.5MEDIUM
CVE-2022-0128
< 8.2.4009
vim is vulnerable to Out-of-bounds Read
7.8HIGH
CVE-2021-4193
< 8.2.3950
vim is vulnerable to Out-of-bounds Read
5.5MEDIUM
CVE-2021-4192
< 8.2.3949
vim is vulnerable to Use After Free
7.8HIGH
CVE-2021-4187
<= 8.2.3912
vim is vulnerable to Use After Free
7.8HIGH
CVE-2021-4173
< 8.2.3902
vim is vulnerable to Use After Free
7.8HIGH
CVE-2021-4166
< 8.2.3884
vim is vulnerable to Out-of-bounds Read
7.1HIGH
CVE-2021-4136
< 8.2.3847
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-4069
< 8.2.3741
vim is vulnerable to Use After Free
7.8HIGH
CVE-2021-3984
< 8.2.3625
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-4019
< 8.2.3669
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-3973
< 8.2.3611
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-3968
>= 8.2.3430 and < 8.2.3610
vim is vulnerable to Heap-based Buffer Overflow
8.0HIGH
CVE-2021-3974
< 8.2.3612
vim is vulnerable to Use After Free
7.8HIGH
CVE-2021-3928
< 8.2.3582
vim is vulnerable to Use of Uninitialized Variable
7.8HIGH
CVE-2021-3927
< 8.2.3581
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-3903
< 8.2.3564
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-3872
< 8.2.3487
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-3875
< 8.2.3489
vim is vulnerable to Heap-based Buffer Overflow
5.5MEDIUM
CVE-2021-3796
< 8.2.3428
vim is vulnerable to Use After Free
7.3HIGH
CVE-2021-3778
< 8.2.3409
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-3770
< 8.2.3408
vim is vulnerable to Heap-based Buffer Overflow
7.8HIGH
CVE-2021-28832
< 1.19.0
VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration.
7.8HIGH
CVE-2019-20807
< 8.1.0881
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (
5.3MEDIUM
CVE-2019-20079
>= 8.1.2121 and < 8.1.2136
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
7.8HIGH
CVE-2019-14957
< 0.52
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml fil
5.3MEDIUM
CVE-2019-12735
< 8.1.1365
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source!
8.6HIGH
CVE-2017-17087
< 8.0.1263
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different fr
5.5MEDIUM
CVE-2017-1000382
<= 8.0.1187
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resultin
5.5MEDIUM
CVE-2017-11109
all versions
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted sourc
7.8HIGH
CVE-2017-6350
<= 8.0.0377
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properl
9.8CRITICAL
CVE-2017-6349
<= 8.0.0376
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly val
9.8CRITICAL
CVE-2017-5953
<= 8.0.0055
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an int
9.8CRITICAL
CVE-2016-1248
<= 8.0.0055
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in
7.8HIGH
CVE-2010-3914
<= 7.3.033
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allow
CVE-2008-6235
all versions
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharact
CVE-2008-3076
all versions
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters
CVE-2008-3075
all versions
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via t
CVE-2008-3074
all versions
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via t
CVE-2009-0316
<= 7.2
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute
CVE-2008-4677
all versions
autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 st
CVE-2008-3432
all versions
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to
CVE-2008-4101
<= 7.2
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitr
CVE-2008-3294
all versions
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf tempora
CVE-2008-2712
<= 6.4
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do n
CVE-2007-2953
<= 6.4
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-a
CVE-2007-2438
all versions
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assiste
CVE-2005-2368
all versions
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell me
CVE-2005-0069
all versions
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attac
CVE-2004-1138
all versions
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that i
CVE-2002-1377
all versions
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modeline
CVE-2001-0409
all versions
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, w
CVE-2001-0408
all versions
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin