Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how vim compares to other vendors in security performance

View Risk Score →

vim VimVim: Arbitrary Code Execution via Python Omni-Completion

Risk 73
Severity
7.5
First published (updated )
CVE-2026-52860

vim VimVim: Out-of-bounds Read in Terminal Screen Snapshot

Risk 41
Severity
6.9
First published (updated )
CVE-2026-52859

vim VimVim: Arbitrary Code Execution via Python Omni-Completion

Risk 69
Severity
7.3
First published (updated )
CVE-2026-52858

vim VimVim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Risk 77
Severity
7.3
First published (updated )
CVE-2026-47162

vim VimVim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

Risk 40
Severity
5.1
First published (updated )
CVE-2026-47167
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-sec[vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.597

First published (updated )
https://seclists.org/oss-sec/2026/q2/818

oss-sec[vim-security] Out-of-bounds ad in Terminal Scen Snapshot in Vim < 9.2.565

First published (updated )
https://seclists.org/oss-sec/2026/q2/735

oss-sec[vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561

First published (updated )
https://seclists.org/oss-sec/2026/q2/730

oss-sec[vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561

First published (updated )
https://seclists.org/oss-sec/2026/q2/729

oss-sec[vim-security] Multiple Memory Safety Issues in Vim Spell File Parser affects Vim < 9.2.0513

First published (updated )
https://seclists.org/oss-sec/2026/q2/670
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-sec[vim-security] Vimscript Code Injection in cucumber filetype plugin via crafted step-definition gex affects Vim < 9.2.0496

First published (updated )
https://seclists.org/oss-sec/2026/q2/567

oss-sec[vim-security] Vimscript Code Injection in netrw NetrwBookHistSave() via crafted dictory name affects Vim < 9.2.495

First published (updated )
https://seclists.org/oss-sec/2026/q2/566

vim VimVim: Command injection in tar#Vimuntar via missing shellescape {special} flag

Risk 62
Severity
7
First published (updated )
CVE-2026-46483

oss-sec[vim-security] Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename affects Vim < 9.2.480

First published (updated )
https://seclists.org/oss-sec/2026/q2/527

oss-sec[vim-security] Command Injection in tar.vim affects Vim < 9.2.479

First published (updated )
https://seclists.org/oss-sec/2026/q2/526
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-sec[vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450

First published (updated )
https://seclists.org/oss-sec/2026/q2/523

vim VimVim: Heap Buffer Overflow in spell file loading

Risk 52
Severity
6.6
First published (updated )
CVE-2026-45130

vim VimVim: OS Command Injection via 'path' completion

Risk 38
Severity
4.6
First published (updated )
CVE-2026-44656

vim VimVim: OS Command Injection in netrw

Risk 28
Severity
4.4
First published (updated )
CVE-2026-42307

oss-sec[vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450

First published (updated )
https://seclists.org/oss-sec/2026/q2/431
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-sec[vim-security] OS Command Injection via 'path' completion affects Vim < 9.2.0435

First published (updated )
https://seclists.org/oss-sec/2026/q2/366

vim VimVim: Command injection via backtick expansion in tag filenames

Risk 49
Severity
6.6
First published (updated )
CVE-2026-41411

oss-sec[vim-security] OS Command Injection in netrw affects Vim < 9.2.0383

First published (updated )
https://seclists.org/oss-sec/2026/q2/203

oss-sec[vim-security] Command injection via backtick expansion in tag filenames in Vim < v9.2.0357

First published (updated )
https://seclists.org/oss-sec/2026/q2/140

Microsoft azl3 vim 9.2.0240-1Vim Ex command injection in Vims NetBeans integration

Risk 68
Severity
7.8
First published (updated )
CVE-2026-39881
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-sec[vim-security] Netbeans command injection in Vim < v9.2.0316

First published (updated )
https://seclists.org/oss-sec/2026/q2/38

vim VimPath Traversal

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2455542

Microsoft azl3 vim 9.2.0240-1Path traversal issue with zip.vim in Vim

Risk 51
Severity
7.1
First published (updated )
CVE-2026-35177

vim VimVim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypas…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2455400

Microsoft azl3 vim 9.2.0240-1Vim modeline bypass via various options affects Vim < 9.2.0276

Risk 62
Severity
8.2
First published (updated )
CVE-2026-34982
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203