Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

bytecodealliance — Vulnerabilities & Security Advisories 48

Browse all 48 CVE security advisories affecting bytecodealliance. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products bytecodealliance:wasmtimewasm-micro-runtimelucetrustixcap-std
CVE IDTitleCVSSSeverityPaused
CVE-2026-35195 Wasmtime has an out-of-bounds write or crash when transcoding component model strings — wasmtimeCWE-787 9.9AICriticalAI2026-04-09
CVE-2026-35186 Wasmtime has an improperly masked return value from `table.grow` with Winch compiler backend — wasmtimeCWE-789 9.1AICriticalAI2026-04-09
CVE-2026-34988 Wasmtime leaks data between pooling allocator instances — wasmtimeCWE-119 7.5AIHighAI2026-04-09
CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access — wasmtimeCWE-125 6.3AIMediumAI2026-04-09
CVE-2026-34983 Wasmtime has a use-after-free bug after cloning `wasmtime::Linker` — wasmtimeCWE-416 7.5AIHighAI2026-04-09
CVE-2026-34971 Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift — wasmtimeCWE-125 9.1AICriticalAI2026-04-09
CVE-2026-34946 Wasmtime's host panics when Winch compiler executes `table.fill` — wasmtimeCWE-670 7.7AIHighAI2026-04-09
CVE-2026-34945 Wasmtime leaks host data with 64-bit tables and Winch — wasmtimeCWE-681 6.5AIMediumAI2026-04-09
CVE-2026-34944 Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 — wasmtimeCWE-248 7.5AIHighAI2026-04-09
CVE-2026-34943 Wasmtime panics when lifting `flags` component value — wasmtimeCWE-248 7.5AIHighAI2026-04-09
CVE-2026-34942 Wasmtime panics when transcoding misaligned utf-16 strings — wasmtimeCWE-129 7.7AIHighAI2026-04-09
CVE-2026-34941 Wasmtime has a Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding — wasmtimeCWE-125 6.5AIMediumAI2026-04-09
CVE-2026-27572 Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance — wasmtimeCWE-770 7.5 -2026-02-24
CVE-2026-27204 Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion — wasmtimeCWE-400 6.5 -2026-02-24
CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future — wasmtimeCWE-755 6.8 -2026-02-24
CVE-2026-24116 Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64 — wasmtimeCWE-125 7.5AIHighAI2026-01-27
CVE-2025-64713 WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode — wasm-micro-runtimeCWE-119 5.1 Medium2025-11-25
CVE-2025-64704 WebAssembly Micro Runtime vulnerable to a segmentation fault in v128.store instruction — wasm-micro-runtimeCWE-754 4.7 Medium2025-11-25
CVE-2025-64345 Wasmtime provides unsound API access to a WebAssembly shared linear memory — wasmtimeCWE-362 1.8 Low2025-11-12
CVE-2025-62711 Wasmtime vulnerable to segfault when using component resources — wasmtimeCWE-755 7.5 -2025-10-24
CVE-2025-61670 Wasmtime has memory leak in C API with `externref` and `anyref` types — wasmtimeCWE-772 7.5AIHighAI2025-10-07
CVE-2025-58749 WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode — wasm-micro-runtimeCWE-822 6.2AIMediumAI2025-09-16
CVE-2025-54126 WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified — wasm-micro-runtimeCWE-668 9.1AICriticalAI2025-07-29
CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function — wasmtimeCWE-672 3.5 Low2025-07-18
CVE-2025-43853 iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature — wasm-micro-runtimeCWE-61 6.5AIMediumAI2025-05-15
CVE-2024-51756 cap-std doesn't fully sandbox all the Windows device filenames — cap-stdCWE-22 7.8AIHighAI2024-11-05
CVE-2024-51745 Wasmtime doesn't fully sandbox all the Windows device filenames — wasmtimeCWE-67 8.2AIHighAI2024-11-05
CVE-2024-47813 Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations — wasmtimeCWE-367 2.9 Low2024-10-09
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports — wasmtimeCWE-670 5.5 Medium2024-10-09
CVE-2024-43806 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion — rustixCWE-400 6.5 Medium2024-08-26

This page lists every published CVE security advisory associated with bytecodealliance. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.