Vim


By the Year

In 2021 there have been 5 vulnerabilities published for Vim, with an average CVSS base score of 7.24 out of 10. In 2020 Vim had 1 published vulnerability, so 2021 already has 4 more than the whole of last year, and the 2021 average base score is also higher, by 1.94 points (7.24 versus 5.30).

Year   Vulnerabilities   Average CVSS base score
2021   5                 7.24
2020   1                 5.30
2019   2                 8.20
2018   0                 n/a

It may take a day or so for new Vim vulnerabilities to appear in the statistics or in the list of recent security vulnerabilities below. Some vulnerabilities may also be tagged under a different product or component name, so the counts here can undercount what actually affects Vim.

Recent Vim Security Vulnerabilities

CVE-2021-3872 7.8 - High - October 19, 2021
vim is vulnerable to Heap-based Buffer Overflow
Weakness: Heap-based Buffer Overflow

CVE-2021-3875 5.5 - Medium - October 15, 2021
vim is vulnerable to Heap-based Buffer Overflow
Weakness: Memory Corruption

CVE-2021-3796 7.3 - High - September 15, 2021
vim is vulnerable to Use After Free
Weakness: Dangling pointer

CVE-2021-3778 7.8 - High - September 15, 2021
vim is vulnerable to Heap-based Buffer Overflow
Weakness: Heap-based Buffer Overflow

CVE-2021-3770 7.8 - High - September 06, 2021
vim is vulnerable to Heap-based Buffer Overflow
Weakness: Memory Corruption

CVE-2019-20807 5.3 - Medium - May 28, 2020
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
Weakness: Shell injection

CVE-2019-20079 7.8 - High - December 30, 2019
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
Weakness: Dangling pointer

CVE-2019-12735 8.6 - High - June 05, 2019
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Weakness: Shell injection
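CVE-2019-12735 is reachable from a file's contents alone: a modeline sets an expression-evaluated option such as 'foldexpr', the expression calls execute() (Vim) or assert_fails()/nvim_input() (Neovim), and the string it evaluates is :source!, which reads the file back as Normal-mode input. The scanner below is an added example written for this page, not Vim's or Neovim's code. It parses both documented modeline forms, checks only the first and last five lines as Vim does, and grades a hit "dangerous" when an expression option calls one of the functions named in the CVE text or :source, and "review" for any other expression option. The option abbreviations follow Vim's documentation; the sample files are constructed for the demo and are not the published proof of concept.

```python
"""Flag Vim modelines whose expression-evaluated options call command
runners, the pattern behind CVE-2019-12735 (modeline -> foldexpr ->
execute()/assert_fails() -> :source!).

Added example written for this page, not Vim's or Neovim's code.
Option names follow Vim's documented abbreviations; the function names
are those in the CVE text; the sample files below are constructed.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Options a modeline may set whose value Vim evaluates as an expression
# (in the sandbox, the boundary :source! could escape before 8.1.1365).
EXPR_OPTIONS = {
    "foldexpr", "fde", "foldtext", "fdt", "includeexpr", "inex",
    "indentexpr", "inde", "formatexpr", "fex",
}

# Primitives named in the CVE description plus :source itself, in any
# accepted abbreviation and with an optional escaped bang ("source\!").
SUSPICIOUS = re.compile(
    r"execute\s*\(|assert_fails\s*\(|nvim_input\s*\(|\bso(?:urce|urc|ur|u)?\\?!",
    re.IGNORECASE,
)

# Modeline marker at line start or after whitespace: "vi:", "vim:",
# "Vim:", "ex:", optionally with a version test such as "vim>80:".
MODELINE_START = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]\d+)?|ex):\s*")


@dataclass
class Finding:
    line_no: int    # 1-based line number in the scanned text
    option: str     # option name exactly as written in the modeline
    value: str      # raw value, escapes left in place
    severity: str   # "dangerous" (calls a runner) or "review" (any expression)


def modeline_options(line):
    """Return [(option, value)] for a modeline, or [] if the line has none.

    Both documented forms are handled: "vi:fen:fdm=expr" (options split on
    ':' or whitespace) and "vim: set fdm=expr fde=...:" (split on
    whitespace, ended by the first ':').  A backslash escapes a separator.
    """
    m = MODELINE_START.search(line)
    if not m:
        return []
    rest = line[m.end():]
    set_form = re.match(r"se(?:t)?\s+", rest)
    if set_form:
        rest = rest[set_form.end():]
        end = re.search(r"(?<!\\):", rest)
        if end:
            rest = rest[:end.start()]
        tokens = re.split(r"(?<!\\)\s+", rest.strip())
    else:
        tokens = re.split(r"(?<!\\)[\s:]+", rest.strip())
    pairs = []
    for tok in tokens:
        if tok:
            name, _, value = tok.partition("=")
            pairs.append((name, value))
    return pairs


def scan_text(text, modelines=5):
    """Scan only the lines Vim itself inspects: the first and last
    'modelines' lines of the buffer (Vim's default for that option is 5)."""
    lines = text.splitlines()
    n = len(lines)
    window = set(range(min(modelines, n))) | set(range(max(0, n - modelines), n))
    findings = []
    for idx in sorted(window):
        for name, value in modeline_options(lines[idx]):
            if name in EXPR_OPTIONS:
                severity = "dangerous" if SUSPICIOUS.search(value) else "review"
                findings.append(Finding(idx + 1, name, value, severity))
    return findings


# Constructed samples (not the published proof of concept).
BENIGN = "# vim: set ts=4 sw=4 et:\n" + "x = 1\n" * 20

# A legitimate fold expression: flagged for review, not as dangerous.
REVIEW = r"# vim:fdm=expr:fde=indent(v\:lnum)/4" + "\n" + "x = 1\n" * 20

# Line 9 carries a hostile modeline but sits outside the 5-line window, so
# Vim would ignore it; line 18 is the last line and would be honoured.
MALICIOUS = "\n".join(
    ["int main(void) { return 0; }"] * 8
    + [r'/* vi:fen:fdm=expr:fde=execute("source!\ %"):fdl=0 */']
    + ["/* filler */"] * 8
    + [r'// vim: set fdm=expr fde=assert_fails("source\!\ \%") fdl=0:']
) + "\n"


if __name__ == "__main__":
    # Usage: python modeline_scan.py FILE...   (defaults to the samples above)
    sources = {p: Path(p).read_text(encoding="utf-8", errors="replace") for p in sys.argv[1:]}
    if not sources:
        sources = {"BENIGN": BENIGN, "REVIEW": REVIEW, "MALICIOUS": MALICIOUS}
    for label, text in sources.items():
        for f in scan_text(text):
            print(f"{label}:{f.line_no}: {f.severity}: {f.option}={f.value}")
```

Run it over untrusted files before opening them in an unpatched editor, or as a repository pre-commit check. Inside Vim, `:echo has('patch-8.1.1365')` prints 1 when the fix is present, and `:set modeline?` shows whether modelines are honoured at all; `set nomodeline` in the vimrc removes this attack surface entirely ('modeline' defaults to on except when running as root).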


Vendor: Vim
Product: Vim