- CVE-2022-0572: heap overflow on vcol-overflow in :retab (upstream vim 8.2.4359) - CVE-2022-0368: illegal memory access when undo makes Visual area invalid (upstream vim 8.2.4217) - CVE-2022-0685: crash on multi-byte char in unix_expandpath() (upstream vim 8.2.4418) - CVE-2022-2125: heap overflow in get_lisp_indent() (upstream vim 8.2.5122) - CVE-2022-2183: reading past end-of-line in lisp indenting (upstream vim 8.2.5151) - CVE-2022-2124: reading past end-of-line in current_quote() (upstream vim 8.2.5120) - CVE-2022-2344: heap overflow in ins_compl_add() (upstream vim 9.0.0046) - CVE-2022-3256: use-after-free in movemark() when autocmd changes mark (upstream vim 9.0.0530) - CVE-2023-4752: heap use-after-free in ins_compl_get_exp() (upstream vim 9.0.1858) - CVE-2022-2126: spell-suggest read past bad word (upstream vim 8.2.5123) - CVE-2022-2946: use-after-free in do_tag() when tagfunc invalidates tagstack (upstream vim 9.0.0246) - CVE-2022-1720: OOB read in get_visual_text() (upstream vim 8.2.4956) - CVE-2022-3234: OOB write in op_replace() (upstream vim 9.0.0483) - CVE-2023-0433: same_leader() read past end-of-line on short comment line (upstream vim 9.0.1225) - CVE-2023-4781: heap-buffer-overflow in vim_regsub_both() via nmatch underflow in :substitute, plus textlock guard in win_exchange() (upstream vim 9.0.1873) - CVE-2022-0351: crash on deeply nested expression (upstream vim 8.2.4206) - CVE-2022-2175: new_cmdpos leak across register insertion in getcmdline() (upstream vim 8.2.5148) - CVE-2026-39881: netbeans command injection via crafted sign/highlight identifier + special-keys (upstream vim 9.2.0316) - CVE-2021-4166: heap-buffer-overflow when clearing the argument list while it is being used (upstream vim 8.2.3884, with 8.2.2421 + 8.2.2463 prereqs for arglist_locked plumbing) - CVE-2022-2343: heap-buffer-overflow in ins_compl_add_infercase() on long line with 'infercase' (upstream vim 9.0.0045) - CVE-2022-3296: stack underflow in ex_finally / ex_endtry when :finally lacks an enclosing :try (upstream vim 9.0.0577)