{"url":"http://public2.vulnerablecode.io/api/packages/106726?format=json","purl":"pkg:deb/debian/vim@2:9.2.0428-1?distro=trixie","type":"deb","namespace":"debian","name":"vim","version":"2:9.2.0428-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2:9.2.0461-1","latest_non_vulnerable_version":"2:9.2.0524-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70257?format=json","vulnerability_id":"VCID-ar9v-jmw8-e7aq","summary":"Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42307"},{"reference_url":"https://github.com/vim/vim/commit/405e2fb6d54d5653523809e2853d99d1c000a5fc","reference_id":"405e2fb6d54d5653523809e2853d99d1c000a5fc","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:20Z/"}],"url":"https://github.com/vim/vim/commit/405e2fb6d54d5653523809e2853d99d1c000a5fc"},{"reference_url":"https://github.com/vim/vim/security/advisories/GHSA-85ch-p2qr-m5gx","reference_id":"GHSA-85ch-p2qr-m5gx","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:20Z/"}],"url":"https://github.com/vim/vim/security/advisories/GHSA-85ch-p2qr-m5gx"},{"reference_url":"https://github.com/vim/vim/releases/tag/v9.2.0383","reference_id":"v9.2.0383","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:20Z/"}],"url":"https://github.com/vim/vim/releases/tag/v9.2.0383"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106726?format=json","purl":"pkg:deb/debian/vim@2:9.2.0428-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:9.2.0428-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106673?format=json","purl":"pkg:deb/debian/vim@2:9.2.0524-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:9.2.0524-1%3Fdistro=trixie"}],"aliases":["CVE-2026-42307"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ar9v-jmw8-e7aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28599?format=json","vulnerability_id":"VCID-xvxm-ykrd-zffn","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41411"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134906","reference_id":"1134906","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134906"},{"reference_url":"https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb","reference_id":"c78194e41d5a0b05b0ddf383b6679b1503f977fb","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T03:55:27Z/"}],"url":"https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb"},{"reference_url":"https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8","reference_id":"GHSA-cwgx-gcj7-6qh8","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T03:55:27Z/"}],"url":"https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8"},{"reference_url":"https://github.com/vim/vim/releases/tag/v9.2.0357","reference_id":"v9.2.0357","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-28T03:55:27Z/"}],"url":"https://github.com/vim/vim/releases/tag/v9.2.0357"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106726?format=json","purl":"pkg:deb/debian/vim@2:9.2.0428-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:9.2.0428-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106673?format=json","purl":"pkg:deb/debian/vim@2:9.2.0524-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:9.2.0524-1%3Fdistro=trixie"}],"aliases":["CVE-2026-41411"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvxm-ykrd-zffn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:9.2.0428-1%3Fdistro=trixie"}