vim security advisories
4 threat alerts tracking vulnerabilities and security advisories that affect vim products.
Vulnios monitors vim CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent vim security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-34714 — vim — vim
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
critical | CVE-2026-34714

Critical Vulnerability: CVE-2017-6350 — vim — vim
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file,
critical | CVE-2017-6350

Critical Vulnerability: CVE-2017-6349 — vim — vim
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which
critical | CVE-2017-6349

Critical Vulnerability: CVE-2017-5953 — vim — vim
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overf
critical | CVE-2017-5953