Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

vim — Vulnerabilities & Security Advisories 203

Browse all 203 CVE security advisories affecting vim. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vim is a widely used, open-source text editor primarily designed for efficient code editing and system administration tasks across Unix-like operating systems. Despite its utility, the software has accumulated approximately 200 Common Vulnerabilities and Exposures (CVEs), reflecting its complex codebase and long history. Historically, these security flaws have predominantly involved remote code execution (RCE) and buffer overflow vulnerabilities, often triggered by malformed files or specific command-line arguments. While cross-site scripting is irrelevant to its terminal-based nature, privilege escalation risks have occasionally arisen through improper file permission handling or setuid configurations. Notable incidents include critical RCE flaws in the ex command interpreter and memory corruption issues within the clipboard handling subsystem. These vulnerabilities underscore the importance of keeping the editor updated, as attackers frequently exploit parsing errors to gain unauthorized system access or execute arbitrary code within the user’s environment.

Found 44 results / 203Clear Filters
Top products by vim: vim/vim vim
CVE IDTitleCVSSSeverityPublished
CVE-2024-43802 heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 — vimCWE-122 4.5 Medium2024-08-26
CVE-2024-43790 heap-buffer-overflow in do_search() in Vim < 9.1.0689 — vimCWE-122 4.5 Medium2024-08-22
CVE-2024-43374 Vim heap-use-after-free in src/arglist.c:207 — vimCWE-416 4.5 Medium2024-08-15
CVE-2024-41965 Vim < v9.1.0648 has a double-free in dialog_changed() — vimCWE-416 4.2 Medium2024-08-01
CVE-2024-41957 Vim double free in src/alloc.c:616 — vimCWE-415 4.5 Medium2024-08-01
CVE-2023-48706 Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite — vimCWE-416 3.6 Low2023-11-22
CVE-2023-48231 Use-After-Free in win_close() in vim — vimCWE-416 3.9 Low2023-11-16
CVE-2023-48232 Floating point Exception in adjust_plines_for_skipcol() in vim — vimCWE-755 3.9 Low2023-11-16
CVE-2023-48233 overflow with count for :s command in vim — vimCWE-190 2.8 Low2023-11-16
CVE-2023-48234 overflow in nv_z_get_count in vim — vimCWE-190 2.8 Low2023-11-16
CVE-2023-48235 overflow in ex address parsing in vim — vimCWE-190 2.8 Low2023-11-16
CVE-2023-48236 overflow in get_number in vim — vimCWE-190 2.8 Low2023-11-16
CVE-2023-48237 overflow in shift_line in vim — vimCWE-190 2.8 Low2023-11-16
CVE-2023-46246 Integer Overflow in :history command in Vim — vimCWE-416 4.0 Medium2023-10-27

This page lists every published CVE security advisory associated with vim. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.