Vim Security Vulnerabilities and Issues — Vim CVE List

Lucene search

VimVim

212 matches found

CVE•added 2019/06/05 2:29 p.m.•630 views

CVE-2019-12735

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

9.3CVSS7.7AI score0.56629EPSS

CVE•added 2020/05/28 2:15 p.m.•522 views

CVE-2019-20807

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

5.3CVSS6AI score0.00078EPSS

CVE•added 2023/03/11 10:15 p.m.•441 views

CVE-2023-1355

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.

8.4CVSS6.1AI score0.0003EPSS

CVE•added 2023/03/01 7:15 p.m.•435 views

CVE-2023-1127

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.

7.8CVSS7.3AI score0.00033EPSS

CVE•added 2023/03/07 10:15 p.m.•434 views

CVE-2023-1264

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.

6.6CVSS6.4AI score0.00019EPSS

CVE•added 2023/03/04 4:15 p.m.•430 views

CVE-2023-1175

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

7.3CVSS7AI score0.00022EPSS

CVE•added 2023/09/04 2:15 p.m.•429 views

CVE-2023-4733

Use After Free in GitHub repository vim/vim prior to 9.0.1840.

7.8CVSS7.4AI score0.00036EPSS

CVE•added 2023/09/02 6:15 p.m.•415 views

CVE-2023-4734

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

7.8CVSS7.7AI score0.00036EPSS

CVE•added 2023/09/02 8:15 p.m.•411 views

CVE-2023-4738

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

7.8CVSS7.7AI score0.00041EPSS

CVE•added 2023/09/02 6:15 p.m.•368 views

CVE-2023-4735

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

7.8CVSS6.2AI score0.00027EPSS

CVE•added 2022/03/30 12:15 p.m.•367 views

CVE-2022-1154

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

7.8CVSS8.3AI score0.00419EPSS

CVE•added 2023/05/09 10:15 p.m.•331 views

CVE-2023-2610

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.

7.8CVSS7.6AI score0.00014EPSS

CVE•added 2024/08/16 2:15 a.m.•308 views

CVE-2024-43374

The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers Buf* autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes...

4.7CVSS5AI score0.00025EPSS

CVE•added 2021/10/19 1:15 p.m.•307 views

CVE-2021-3872

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS7.8AI score0.00146EPSS

CVE•added 2023/05/09 6:15 p.m.•298 views

CVE-2023-2609

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.

7.8CVSS6.5AI score0.00012EPSS

CVE•added 2021/10/27 9:15 p.m.•295 views

CVE-2021-3903

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS6.4AI score0.00323EPSS

CVE•added 2021/09/15 8:15 a.m.•294 views

CVE-2021-3778

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS7.8AI score0.00393EPSS

CVE•added 2022/01/30 3:15 p.m.•276 views

CVE-2022-0413

Use After Free in GitHub repository vim/vim prior to 8.2.

8.4CVSS8.9AI score0.0018EPSS

CVE•added 2025/01/20 11:15 p.m.•276 views

CVE-2025-24014

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui ...

5.5CVSS6.8AI score0.00047EPSS

CVE•added 2022/05/10 2:15 p.m.•275 views

CVE-2022-1621

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

7.8CVSS7.9AI score0.00177EPSS

CVE•added 2021/12/01 10:15 a.m.•273 views

CVE-2021-4019

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS7.4AI score0.00113EPSS

CVE•added 2021/09/15 1:15 p.m.•269 views

CVE-2021-3796

vim is vulnerable to Use After Free

8.2CVSS7.5AI score0.00117EPSS

CVE•added 2021/12/31 3:15 p.m.•268 views

CVE-2021-4192

vim is vulnerable to Use After Free

7.8CVSS7.1AI score0.00329EPSS

CVE•added 2024/10/07 10:15 p.m.•267 views

CVE-2024-47814

Vim is an open source, command line text editor. A use-after-free was found in Vim

4.7CVSS4AI score0.00015EPSS

CVE•added 2023/04/29 10:15 p.m.•266 views

CVE-2023-2426

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

6.8CVSS6.5AI score0.00012EPSS

CVE•added 2024/08/22 10:15 p.m.•263 views

CVE-2024-43790

Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. Th...

5.5CVSS7.5AI score0.00017EPSS

CVE•added 2021/12/01 11:15 a.m.•261 views

CVE-2021-3984

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS7.5AI score0.00223EPSS

CVE•added 2024/08/26 7:15 p.m.•260 views

CVE-2024-43802

Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typ...

4.5CVSS4.9AI score0.0005EPSS

CVE•added 2023/01/21 3:15 p.m.•256 views

CVE-2023-0433

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

7.8CVSS7.8AI score0.00016EPSS

CVE•added 2022/01/21 12:15 p.m.•254 views

CVE-2022-0318

Heap-based Buffer Overflow in vim/vim prior to 8.2.

9.8CVSS8AI score0.00203EPSS

CVE•added 2024/09/02 6:15 p.m.•254 views

CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end ofa line. Back then we assumed this loop is ...

5.5CVSS4.8AI score0.00095EPSS

CVE•added 2021/12/31 4:15 p.m.•253 views

CVE-2021-4193

vim is vulnerable to Out-of-bounds Read

5.5CVSS7.1AI score0.00325EPSS

CVE•added 2022/04/18 1:15 a.m.•252 views

CVE-2022-1381

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

7.8CVSS8AI score0.00065EPSS

CVE•added 2017/12/01 8:29 a.m.•248 views

CVE-2017-17087

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /...

5.5CVSS5.2AI score0.00059EPSS

CVE•added 2023/01/04 4:15 p.m.•244 views

CVE-2023-0049

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.

7.8CVSS7.4AI score0.00017EPSS

CVE•added 2022/01/30 3:15 p.m.•238 views

CVE-2022-0408

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

8.4CVSS8.2AI score0.00191EPSS

CVE•added 2022/02/22 8:15 p.m.•234 views

CVE-2022-0714

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.