Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wasmtime — Vulnerabilities & Security Advisories 40

All 40 CVE vulnerabilities found in wasmtime, with AI-generated Chinese analysis, references, and POCs.

Vendor: bytecodealliance

CVE IDTitleCVSSSeverityPublished
CVE-2026-35195 Wasmtime has an out-of-bounds write or crash when transcoding component model strings CWE-787 9.9AICriticalAI2026-04-09
CVE-2026-35186 Wasmtime has an improperly masked return value from `table.grow` with Winch compiler backend CWE-789 9.1AICriticalAI2026-04-09
CVE-2026-34988 Wasmtime leaks data between pooling allocator instances CWE-119 7.5AIHighAI2026-04-09
CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access CWE-125 6.3AIMediumAI2026-04-09
CVE-2026-34983 Wasmtime has a use-after-free bug after cloning `wasmtime::Linker` CWE-416 7.5AIHighAI2026-04-09
CVE-2026-34971 Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift CWE-125 9.1AICriticalAI2026-04-09
CVE-2026-34946 Wasmtime's host panics when Winch compiler executes `table.fill` CWE-670 7.7AIHighAI2026-04-09
CVE-2026-34945 Wasmtime leaks host data with 64-bit tables and Winch CWE-681 6.5AIMediumAI2026-04-09
CVE-2026-34944 Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 CWE-248 7.5AIHighAI2026-04-09
CVE-2026-34943 Wasmtime panics when lifting `flags` component value CWE-248 7.5AIHighAI2026-04-09
CVE-2026-34942 Wasmtime panics when transcoding misaligned utf-16 strings CWE-129 7.7AIHighAI2026-04-09
CVE-2026-34941 Wasmtime has a Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding CWE-125 6.5AIMediumAI2026-04-09
CVE-2026-27572 Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance CWE-770 7.5 -2026-02-24
CVE-2026-27204 Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion CWE-400 6.5 -2026-02-24
CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future CWE-755 6.8 -2026-02-24
CVE-2026-24116 Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64 CWE-125 7.5AIHighAI2026-01-27
CVE-2025-64345 Wasmtime provides unsound API access to a WebAssembly shared linear memory CWE-362 1.8 Low2025-11-12
CVE-2025-62711 Wasmtime vulnerable to segfault when using component resources CWE-755 7.5 -2025-10-24
CVE-2025-61670 Wasmtime has memory leak in C API with `externref` and `anyref` types CWE-772 7.5AIHighAI2025-10-07
CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function CWE-672 3.5 Low2025-07-18
CVE-2024-51745 Wasmtime doesn't fully sandbox all the Windows device filenames CWE-67 8.2AIHighAI2024-11-05
CVE-2024-47813 Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations CWE-367 2.9 Low2024-10-09
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports CWE-670 5.5 Medium2024-10-09
CVE-2024-30266 Wasmtime vulnerable to panic when using a dropped extenref-typed element segment CWE-843 3.3 Low2024-04-04
CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 CWE-193 2.2 Low2023-09-15
CVE-2023-30624 Wasmtime has Undefined Behavior in Rust runtime functions CWE-758 3.9 Low2023-04-27
CVE-2023-26489 Guest-controlled out-of-bounds read/write on x86_64 in wasmtime CWE-125 10.0 Critical2023-03-08
CVE-2023-27477 Wasmtime 安全漏洞 CWE-193 3.1 Low2023-03-08
CVE-2022-39393 Wasmtime vulnerable to data leakage between instances in the pooling allocator CWE-226 8.6 High2022-11-10
CVE-2022-39392 Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration CWE-119 5.9 Medium2022-11-10

All 40 known CVE vulnerabilities affecting wasmtime with full Chinese analysis, references, and POCs where available.