Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.
RCE
Path Traversal
Syntastic
Debian Linux
NVD
GitHub
CVSS 3.0
7.5
EPSS
2.7%