vim — Vulnerabilities & Security Advisories 203

Browse all 203 CVE security advisories affecting vim. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vim is a widely used, open-source text editor primarily designed for efficient code editing and system administration tasks across Unix-like operating systems. Despite its utility, the software has accumulated approximately 200 Common Vulnerabilities and Exposures (CVEs), reflecting its complex codebase and long history. Historically, these security flaws have predominantly involved remote code execution (RCE) and buffer overflow vulnerabilities, often triggered by malformed files or specific command-line arguments. While cross-site scripting is irrelevant to its terminal-based nature, privilege escalation risks have occasionally arisen through improper file permission handling or setuid configurations. Notable incidents include critical RCE flaws in the ex command interpreter and memory corruption issues within the clipboard handling subsystem. These vulnerabilities underscore the importance of keeping the editor updated, as attackers frequently exploit parsing errors to gain unauthorized system access or execute arbitrary code within the user’s environment.

Top products by vim: vim/vim vim
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-2982 | Use After Free in vim/vim — vim/vim (CWE-416) | 7.8 | - | 2022-08-25 |
| CVE-2022-2946 | Use After Free in vim/vim — vim/vim (CWE-416) | 7.8 | - | 2022-08-23 |
| CVE-2022-2923 | NULL Pointer Dereference in vim/vim — vim/vim (CWE-476) | 5.5 | - | 2022-08-22 |
| CVE-2022-2889 | Use After Free in vim/vim — vim/vim (CWE-416) | 7.8 | - | 2022-08-19 |
| CVE-2022-2874 | NULL Pointer Dereference in vim/vim — vim/vim (CWE-476) | 5.5 | - | 2022-08-18 |
| CVE-2022-2845 | Improper Validation of Specified Quantity in Input in vim/vim — vim/vim (CWE-1284) | 7.8 | High | 2022-08-17 |
| CVE-2022-2849 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-08-17 |
| CVE-2022-2862 | Use After Free in vim/vim — vim/vim (CWE-416) | 7.8 | - | 2022-08-17 |
| CVE-2022-2816 | Out-of-bounds Read in vim/vim — vim/vim (CWE-125) | 7.8 | - | 2022-08-15 |
| CVE-2022-2817 | Use After Free in vim/vim — vim/vim (CWE-416) | 7.8 | - | 2022-08-15 |
| CVE-2022-2819 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-08-15 |
| CVE-2022-2581 | Out-of-bounds Read in vim/vim — vim/vim (CWE-125) | 7.8 | - | 2022-08-01 |
| CVE-2022-2580 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-08-01 |
| CVE-2022-2571 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-08-01 |
| CVE-2022-2598 | Out-of-bounds Write to API in vim/vim — vim/vim (CWE-787) | 6.5 | Medium | 2022-08-01 |
| CVE-2022-2522 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-07-25 |
| CVE-2022-2343 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-07-08 |
| CVE-2022-2344 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-07-08 |
| CVE-2022-2345 | Use After Free in vim/vim — vim/vim (CWE-416) | 7.8 | - | 2022-07-08 |
| CVE-2022-2304 | Stack-based Buffer Overflow in vim/vim — vim/vim (CWE-121) | 7.8 | - | 2022-07-05 |
| CVE-2022-2288 | Out-of-bounds Write in vim/vim — vim/vim (CWE-787) | 7.8 | - | 2022-07-03 |
| CVE-2022-2289 | Use After Free in vim/vim — vim/vim (CWE-416) | 7.8 | - | 2022-07-03 |
| CVE-2022-2284 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-07-02 |
| CVE-2022-2285 | Integer Overflow or Wraparound in vim/vim — vim/vim (CWE-190) | 7.8 | - | 2022-07-02 |
| CVE-2022-2286 | Out-of-bounds Read in vim/vim — vim/vim (CWE-125) | 7.8 | - | 2022-07-02 |
| CVE-2022-2287 | Out-of-bounds Read in vim/vim — vim/vim (CWE-125) | 7.8 | - | 2022-07-02 |
| CVE-2022-2264 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-07-01 |
| CVE-2022-2257 | Out-of-bounds Read in vim/vim — vim/vim (CWE-125) | 7.8 | - | 2022-06-30 |
| CVE-2022-2231 | NULL Pointer Dereference in vim/vim — vim/vim (CWE-476) | 5.5 | - | 2022-06-28 |
| CVE-2022-2207 | Heap-based Buffer Overflow in vim/vim — vim/vim (CWE-122) | 7.8 | - | 2022-06-27 |

This page lists every published CVE security advisory associated with vim. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.