Vulnerabilities in bytecodealliance
50 resultsCVE-2022-31104MEDIUMMiscompilation of `i8x16.swizzle` and `select` with v128 inputs in WasmtimeEPSS 1.6%CVE-2021-43790HIGHUse After Free in lucetEPSS 1.6%CVE-2023-26489CRITICALGuest-controlled out-of-bounds read/write on x86_64 in wasmtimeEPSS 1.3%CVE-2022-24791HIGHUse after free in WasmtimeEPSS 1.1%CVE-2022-31146MEDIUMUse After Free in WasmtimeEPSS 0.8%CVE-2024-51745LOWWasmtime doesn't fully sandbox all the Windows device filenamesEPSS 0.8%CVE-2022-23636MEDIUMInvalid drop of partially-initialized instances in wasmtimeEPSS 0.8%CVE-2022-39393HIGHWasmtime vulnerable to data leakage between instances in the pooling allocatorEPSS 0.7%CVE-2022-31169MEDIUMCranelift vulnerable to miscompilation of constant values in division on AArch64EPSS 0.7%CVE-2023-27477LOWwasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the EPSS 0.6%CVE-2023-41880LOWMiscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64EPSS 0.6%CVE-2022-39392MEDIUMWasmtime vulnerable to out of bounds read/write with zero-memory-pages configurationEPSS 0.6%CVE-2025-54126MEDIUMWebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specifiedEPSS 0.6%CVE-2024-51756LOWcap-std doesn't fully sandbox all the Windows device filenamesEPSS 0.6%CVE-2024-43806MEDIUM`rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosionEPSS 0.5%CVE-2026-27572MEDIUMWasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instanceEPSS 0.5%CVE-2021-32629HIGHMemory access due to code generation flaw in Cranelift moduleEPSS 0.5%CVE-2023-30624LOWWasmtime has Undefined Behavior in Rust runtime functionsEPSS 0.4%CVE-2025-62711LOWWasmtime vulnerable to segfault when using component resourcesEPSS 0.4%CVE-2026-34941MEDIUMWasmtime has a Heap OOB read in component model UTF-16 to latin1+utf16 string transcodingEPSS 0.4%