Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

vim — Vulnerabilities & Security Advisories 203

Browse all 203 CVE security advisories affecting vim. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vim is a widely used, open-source text editor primarily designed for efficient code editing and system administration tasks across Unix-like operating systems. Despite its utility, the software has accumulated approximately 200 Common Vulnerabilities and Exposures (CVEs), reflecting its complex codebase and long history. Historically, these security flaws have predominantly involved remote code execution (RCE) and buffer overflow vulnerabilities, often triggered by malformed files or specific command-line arguments. While cross-site scripting is irrelevant to its terminal-based nature, privilege escalation risks have occasionally arisen through improper file permission handling or setuid configurations. Notable incidents include critical RCE flaws in the ex command interpreter and memory corruption issues within the clipboard handling subsystem. These vulnerabilities underscore the importance of keeping the editor updated, as attackers frequently exploit parsing errors to gain unauthorized system access or execute arbitrary code within the user’s environment.

Top products by vim: vim/vim vim
CVE IDTitleCVSSSeverityPublished
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim — vim/vimCWE-122 7.8 -2022-05-08
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim — vim/vimCWE-476 6.2 -2022-05-08
CVE-2022-1616 Use after free in append_command in vim/vim — vim/vimCWE-416 7.8 -2022-05-07
CVE-2022-1420 Use of Out-of-range Pointer Offset in vim/vim — vim/vimCWE-823 7.8 -2022-04-21
CVE-2022-1381 global heap buffer overflow in skip_range in vim/vim — vim/vimCWE-122 7.8 -2022-04-17
CVE-2022-1154 Use after free in utf_ptr2char in vim/vim — vim/vimCWE-416 7.8 -2022-03-30
CVE-2022-1160 heap buffer overflow in get_one_sourceline in vim/vim — vim/vimCWE-122 7.8 -2022-03-30
CVE-2022-0943 Heap-based Buffer Overflow occurs in vim in vim/vim — vim/vimCWE-122 7.8 -2022-03-14
CVE-2022-0729 Use of Out-of-range Pointer Offset in vim/vim — vim/vimCWE-823 7.8 -2022-02-23
CVE-2022-0714 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-02-22
CVE-2022-0696 NULL Pointer Dereference in vim/vim — vim/vimCWE-476 5.5 -2022-02-21
CVE-2022-0685 Use of Out-of-range Pointer Offset in vim/vim — vim/vimCWE-823 7.8 -2022-02-20
CVE-2022-0629 Stack-based Buffer Overflow in vim/vim — vim/vimCWE-121 7.8 -2022-02-17
CVE-2022-0572 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-02-13
CVE-2022-0554 Use of Out-of-range Pointer Offset in vim/vim — vim/vimCWE-823 7.8 -2022-02-10
CVE-2022-0443 Use After Free in vim/vim — vim/vimCWE-416 7.8 -2022-02-02
CVE-2022-0417 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-02-01
CVE-2022-0407 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-01-30
CVE-2022-0408 Stack-based Buffer Overflow in vim/vim — vim/vimCWE-121 7.8 -2022-01-30
CVE-2022-0413 Use After Free in vim/vim — vim/vimCWE-416 7.8 -2022-01-30
CVE-2022-0393 Out-of-bounds Read in vim/vim — vim/vimCWE-125 7.8 -2022-01-28
CVE-2022-0392 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-01-28
CVE-2022-0359 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-01-26
CVE-2022-0361 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-01-26
CVE-2022-0368 Out-of-bounds Read in vim/vim — vim/vimCWE-125 7.8 -2022-01-26
CVE-2022-0351 Access of Memory Location Before Start of Buffer in vim/vim — vim/vimCWE-786 7.8 -2022-01-25
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-01-21
CVE-2022-0319 Out-of-bounds Read in vim/vim — vim/vimCWE-125 7.1 -2022-01-21
CVE-2022-0261 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-01-18
CVE-2022-0213 Heap-based Buffer Overflow in vim/vim — vim/vimCWE-122 7.8 -2022-01-14

This page lists every published CVE security advisory associated with vim. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.