vim — Vulnerabilities & Security Advisories 203

Browse all 203 CVE security advisories affecting vim. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vim is a widely used, open-source text editor primarily designed for efficient code editing and system administration tasks across Unix-like operating systems. Despite its utility, the software has accumulated approximately 200 Common Vulnerabilities and Exposures (CVEs), reflecting its complex codebase and long history. Historically, these security flaws have predominantly involved remote code execution (RCE) and buffer overflow vulnerabilities, often triggered by malformed files or specific command-line arguments. While cross-site scripting is irrelevant to its terminal-based nature, privilege escalation risks have occasionally arisen through improper file permission handling or setuid configurations. Notable incidents include critical RCE flaws in the ex command interpreter and memory corruption issues within the clipboard handling subsystem. These vulnerabilities underscore the importance of keeping the editor updated, as attackers frequently exploit parsing errors to gain unauthorized system access or execute arbitrary code within the user’s environment.

Top products by vim: vim/vim vim
Medium · CVE-2026-4530 · 2026-05-09
Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450 · Advisory · vim/vim · GitHub
High · 2026-05-09
patch 9.2.0450: [security]: heap buffer overflow in spellfile.c read_… · vim/vim@9299332 · GitHub
Critical · 2026-05-09
patch 9.2.0435: [security]: backticks in 'path' may cause shell execu… · vim/vim@190cb3c · GitHub
Medium · 2026-05-09
OS Command Injection via 'path' completion affects Vim < 9.2.0435 · Advisory · vim/vim · GitHub
High · 2026-05-09
patch 9.2.0383: [security]: runtime(netrw): shell-injection via sftp:… · vim/vim@405e2fb · GitHub
High · CVE-2017-6281 · 2026-04-25
patch 9.2.0357: [security]: command injection via backticks in tag files · vim/vim@c78194e · GitHub
Critical · CVE-2026-39881 · 2026-04-09
Ex command injection in Vims NetBeans integration · Advisory · vim/vim · GitHub
High · 2026-04-07
patch 9.2.0276: [security]: modeline security bypass · vim/vim@75661a6 · GitHub
Unknown · 2026-04-02
patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline · vim/vim@664701e · GitHub
Medium · CVE-2026-28417 · 2026-02-28
OS Command Injection in netrw affects Vim < 9.2.0073 · Advisory · vim/vim · GitHub
Low · CVE-2026-28422 · 2026-02-28
Stack-buffer-overflow in build_stl_str_hl() affects Vim < 9.2.0078 · Advisory · vim/vim · GitHub
Medium · CVE-2026-28419 · 2026-02-28
Heap-based Buffer Underflow in Emacs tags parsing affects Vim < 9.2.0075 · Advisory · vim/vim · GitHub
Medium · CVE-2026-26269 · 2026-02-21
NetBeans specialKeys Stack Buffer Overflow with Vim <9.1.2148 · Advisory · vim/vim · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with vim. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.