U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:vim:vim:8.0.1265:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 171 matching records.
Displaying matches 161 through 171.
Vuln ID Summary CVSS Severity
CVE-2021-3974

vim is vulnerable to Use After Free

Published: November 19, 2021; 6:15:07 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3928

vim is vulnerable to Use of Uninitialized Variable

Published: November 05, 2021; 11:15:08 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-3927

vim is vulnerable to Heap-based Buffer Overflow

Published: November 05, 2021; 11:15:08 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3903

vim is vulnerable to Heap-based Buffer Overflow

Published: October 27, 2021; 5:15:08 PM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-3872

vim is vulnerable to Heap-based Buffer Overflow

Published: October 19, 2021; 9:15:11 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3875

vim is vulnerable to Heap-based Buffer Overflow

Published: October 15, 2021; 10:15:07 AM -0400 		V4.0:(not available)
 V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-3796

vim is vulnerable to Use After Free

Published: September 15, 2021; 9:15:08 AM -0400 		V4.0:(not available)
 V3.1: 7.3 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3778

vim is vulnerable to Heap-based Buffer Overflow

Published: September 15, 2021; 4:15:06 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3770

vim is vulnerable to Heap-based Buffer Overflow

Published: September 06, 2021; 8:15:08 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-20807

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

Published: May 28, 2020; 10:15:11 AM -0400 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2019-12735

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Published: June 05, 2019; 10:29:11 AM -0400 		V4.0:(not available)
 V3.0: 8.6 HIGH
V2.0: 9.3 HIGH