CVE Tools

vim

Consumer Softwareoss-project

179

Cumulative CVEs

24

Monthly snapshots

#30

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting vim.

CVE-2026-52860Vim: Arbitrary Code Execution via Python Omni-Completion7.8Jun 11, 2026
CVE-2026-52859Vim: Out-of-bounds Read in Terminal Screen Snapshot8.2Jun 11, 2026
CVE-2026-52858Vim: Arbitrary Code Execution via Python Omni-Completion7.8Jun 11, 2026
CVE-2026-47162Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name8.8Jun 11, 2026
CVE-2026-47167Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex5.3Jun 11, 2026
CVE-2026-46483Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag3.6May 15, 2026
CVE-2026-45130Vim: Heap Buffer Overflow in spell file loading6.6May 8, 2026
CVE-2026-44656Vim: OS Command Injection via 'path' completion5.3May 8, 2026
CVE-2026-42307Vim: OS Command Injection in netrw4.4May 8, 2026
CVE-2026-41411Vim: Command injection via backtick expansion in tag filenames6.6Apr 24, 2026
CVE-2026-39881Vim Ex command injection in Vims NetBeans integration5.0Apr 8, 2026
CVE-2026-35177Path traversal issue with zip.vim in Vim4.1Apr 6, 2026
CVE-2026-34982Vim modeline bypass via various options affects Vim < 9.2.02768.2Apr 6, 2026
CVE-2026-34714Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.9.2Mar 30, 2026
CVE-2026-33412Vim affected by Command injection via newline in glob()5.6Mar 24, 2026