Vim
This hub aggregates every CVE we track for Vim, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 247
- Critical: 14
- High: 148
- In CISA KEV: 0
Severity distribution
- HIGH: 148
- MEDIUM: 69
- LOW: 16
- CRITICAL: 14
Monthly trend
Chart values, 2024-07 to 2026-06: 0, 5, 1, 1, 0, 0, 2, 2, 2, 0, 0, 0, 2, 4, 0, 0, 0, 1, 0, 8, 3, 4, 4, 5
Latest CVEs
The 15 most recently published vulnerabilities affecting Vim.
- CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion (7.8)
- CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot (8.2)
- CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion (7.8)
- CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name (8.8)
- CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex (5.3)
- CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag (3.6)
- CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading (6.6)
- CVE-2026-44656 Vim: OS Command Injection via 'path' completion (5.3)
- CVE-2026-42307 Vim: OS Command Injection in netrw (4.4)
- CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames (6.6)
- CVE-2026-39881 Vim Ex command injection in Vim's NetBeans integration (5.0)
- CVE-2026-35177 Path traversal issue with zip.vim in Vim (4.1)
- CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276 (8.2)
- CVE-2026-34714 Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE. (9.2)
- CVE-2026-33412 Vim affected by Command injection via newline in glob() (5.6)
Product normalization is registry-driven with AI assist and human review.