Vim
By the Year
In 2022 there have been 36 vulnerabilities in Vim, with an average score of 7.4 out of ten. Last year Vim had 20 security vulnerabilities published, so 16 more vulnerabilities have already been reported in 2022 than in all of last year. Last year, the average CVE base score was greater by 0.09.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 36 | 7.43 |
2021 | 20 | 7.52 |
2020 | 1 | 5.30 |
2019 | 2 | 8.20 |
2018 | 0 | 0.00 |
It may take a day or so for new Vim vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Vim Security Vulnerabilities
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-1735
7.8 - High
- May 17, 2022
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
Classic Buffer Overflow
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938
CVE-2022-1674
5.5 - Medium
- May 12, 2022
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
NULL Pointer Dereference
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919
CVE-2022-1621
7.8 - High
- May 10, 2022
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.
Memory Corruption
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925
CVE-2022-1629
7.8 - High
- May 10, 2022
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possible remote execution.
Out-of-bounds Read
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901
CVE-2022-1620
7.5 - High
- May 08, 2022
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
NULL Pointer Dereference
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899
CVE-2022-1619
7.8 - High
- May 08, 2022
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possible remote execution.
Memory Corruption
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895
CVE-2022-1616
7.8 - High
- May 07, 2022
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.
Dangling pointer
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
CVE-2022-1420
5.5 - Medium
- April 21, 2022
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
Buffer Overflow
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763
CVE-2022-1381
7.8 - High
- April 18, 2022
Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possible remote execution.
Memory Corruption
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
CVE-2022-1160
7.8 - High
- March 30, 2022
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Heap-based Buffer Overflow
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-1154
9.8 - Critical
- March 30, 2022
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
Dangling pointer
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
CVE-2022-0943
7.8 - High
- March 14, 2022
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
Heap-based Buffer Overflow
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVE-2022-0729
8.8 - High
- February 23, 2022
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
Buffer Overflow
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVE-2022-0714
5.5 - Medium
- February 22, 2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Memory Corruption
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVE-2022-0696
5.5 - Medium
- February 21, 2022
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
NULL Pointer Dereference
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
CVE-2022-0685
7.8 - High
- February 20, 2022
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0629
7.8 - High
- February 17, 2022
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Memory Corruption
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0572
7.8 - High
- February 14, 2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Memory Corruption
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
CVE-2022-0554
7.8 - High
- February 10, 2022
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
Buffer Overflow
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0443
7.8 - High
- February 02, 2022
Use After Free in GitHub repository vim/vim prior to 8.2.
Dangling pointer
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0417
7.8 - High
- February 01, 2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Memory Corruption
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0408
7.8 - High
- January 30, 2022
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Stack Overflow
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0413
7.8 - High
- January 30, 2022
Use After Free in GitHub repository vim/vim prior to 8.2.
Dangling pointer
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0407
7.8 - High
- January 30, 2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVE-2022-0392
7.8 - High
- January 28, 2022
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
Heap-based Buffer Overflow
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0393
7.1 - High
- January 28, 2022
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Read
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0368
7.8 - High
- January 26, 2022
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Read
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0361
7.8 - High
- January 26, 2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Memory Corruption
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0359
7.8 - High
- January 26, 2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Memory Corruption
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-0351
7.8 - High
- January 25, 2022
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
Access of Memory Location Before Start of Buffer
Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVE-2022-0318
9.8 - Critical
- January 21, 2022
Heap-based Buffer Overflow in vim/vim prior to 8.2.
Heap-based Buffer Overflow
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0261
7.8 - High
- January 18, 2022
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0213
6.6 - Medium
- January 14, 2022
vim is vulnerable to Heap-based Buffer Overflow
Memory Corruption
vim is vulnerable to Use After Free
CVE-2022-0156
5.5 - Medium
- January 10, 2022
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0158
3.3 - Low
- January 10, 2022
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Out-of-bounds Read
CVE-2022-0128
7.8 - High
- January 06, 2022
vim is vulnerable to Out-of-bounds Read
Out-of-bounds Read
vim is vulnerable to Out-of-bounds Read
CVE-2021-4193
5.5 - Medium
- December 31, 2021
vim is vulnerable to Out-of-bounds Read
Out-of-bounds Read
vim is vulnerable to Use After Free
CVE-2021-4192
7.8 - High
- December 31, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Use After Free
CVE-2021-4187
7.8 - High
- December 29, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Use After Free
CVE-2021-4173
7.8 - High
- December 27, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Out-of-bounds Read
CVE-2021-4166
7.1 - High
- December 25, 2021
vim is vulnerable to Out-of-bounds Read
Out-of-bounds Read
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4136
7.8 - High
- December 19, 2021
vim is vulnerable to Heap-based Buffer Overflow
Memory Corruption
vim is vulnerable to Use After Free
CVE-2021-4069
7.8 - High
- December 06, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3984
7.8 - High
- December 01, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4019
7.8 - High
- December 01, 2021
vim is vulnerable to Heap-based Buffer Overflow
Memory Corruption
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3968
8 - High
- November 19, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3973
7.8 - High
- November 19, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Use After Free
CVE-2021-3974
7.8 - High
- November 19, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3927
7.8 - High
- November 05, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Use of Uninitialized Variable
CVE-2021-3928
7.8 - High
- November 05, 2021
vim is vulnerable to Use of Uninitialized Variable
Use of Uninitialized Variable
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3903
7.8 - High
- October 27, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3872
7.8 - High
- October 19, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3875
5.5 - Medium
- October 15, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Use After Free
CVE-2021-3796
7.3 - High
- September 15, 2021
vim is vulnerable to Use After Free
Dangling pointer
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3778
7.8 - High
- September 15, 2021
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3770
7.8 - High
- September 06, 2021
vim is vulnerable to Heap-based Buffer Overflow
Memory Corruption
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g
CVE-2019-20807
5.3 - Medium
- May 28, 2020
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
Shell injection
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
CVE-2019-20079
7.8 - High
- December 30, 2019
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
Dangling pointer
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6
CVE-2019-12735
8.6 - High
- June 05, 2019
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Shell injection
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which
CVE-2017-17087
5.5 - Medium
- December 01, 2017
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
Exposure of Resource to Wrong Sphere