Neovim vulnerabilities
5 known vulnerabilities affecting neovim/neovim.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2019-12735 | P2 | HIGH | CWE-78 | CVSS 8.6 | PoC | fixed in 0.3.6 | 2019-06-05
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Sources: NVD, OSV
CVE-2026-25749 | P4 | MEDIUM | CWE-122 | CVSS 6.6 | ≤ 0.11.6 | 2026-02-06
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option va
Source: NVD
CVE-2025-22134 | P4 | MEDIUM | CWE-122 | CVSS 5.5 | ≤ 0.10.4 | 2025-01-13
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and th
Source: NVD
CVE-2026-45130 | P4 | MEDIUM | CWE-122 | CVSS 5.5 | ≤ 0.12.2 | 2026-05-08
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small
Source: NVD
CVE-2024-43374 | P4 | MEDIUM | CWE-416 | CVSS 4.7 | ≤ 0.10.4 | 2024-08-16
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a
Source: NVD