Home/Product/bytecodealliance wasmtime
Product

bytecodealliance wasmtime

39 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-44216
>= 30.0.0 and < 36.0.8
Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly ta
7.5HIGH
 CVE-2026-35195
< 24.0.7
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strin
5.4MEDIUM
 CVE-2026-35186
>= 25.0.0 and < 36.0.7
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contain
7.5HIGH
 CVE-2026-34988
>= 28.0.0 and < 36.0.7
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling
6.3MEDIUM
 CVE-2026-34987
>= 25.0.0 and < 36.0.7
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-de
9.9CRITICAL
 CVE-2026-34983
all versions
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. Thi
5.0MEDIUM
 CVE-2026-34971
>= 32.0.0 and < 36.0.7
Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend
7.8HIGH
 CVE-2026-34946
>= 25.0.0 and < 36.0.7
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vuln
7.5HIGH
 CVE-2026-34945
>= 25.0.0 and < 36.0.7
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug
6.5MEDIUM
 CVE-2026-34944
< 24.0.7
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtim
5.7MEDIUM
 CVE-2026-34943
< 24.0.7
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can h
7.5HIGH
 CVE-2026-34942
< 24.0.7
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strin
6.5MEDIUM
 CVE-2026-34941
< 24.0.7
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when t
8.1HIGH
 CVE-2026-27572
< 24.0.6
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of
7.5HIGH
 CVE-2026-27204
< 24.0.6
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of
6.5MEDIUM
 CVE-2026-27195
>= 39.0.0 and < 40.0.4
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, whic
7.5HIGH
 CVE-2026-24116
>= 29.0.0 and < 36.0.5
Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platf
5.5MEDIUM
 CVE-2025-62711
>= 38.0.0 and < 38.0.3
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related hos
3.1LOW
 CVE-2025-61670
all versions
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the `
3.3LOW
 CVE-2025-53901
< 24.0.4
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WAS
3.5LOW
 CVE-2024-51745
< 24.0.2
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to sp
10.0CRITICAL
 CVE-2024-47813
all versions
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a wasmtime::Engine's internal type
2.9LOW
 CVE-2024-47763
all versions
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces
5.5MEDIUM
 CVE-2024-30266
all versions
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development whic
3.3LOW
 CVE-2023-41880
>= 10.0.0 and < 10.0.2
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a mi
2.2LOW
 CVE-2023-30624
< 6.0.2
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing
3.9LOW
 CVE-2023-27477
>= 0.37.0 and < 4.0.1
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platform
3.1LOW
 CVE-2023-26489
>= 0.37.0 and < 4.0.1
wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86
9.9CRITICAL
 CVE-2022-39394
< 1.0.2
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where
3.8LOW
 CVE-2022-39393
< 1.0.2
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation o
8.6HIGH
 CVE-2022-39392
< 1.0.2
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooli
5.9MEDIUM
 CVE-2022-31169
< 0.38.1
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets wher
5.9MEDIUM
 CVE-2022-31146
>= 0.37.0 and < 0.38.2
Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions usin
6.4MEDIUM
 CVE-2022-31104
< 0.38.1
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssem
4.8MEDIUM
 CVE-2022-24791
>= 0.34.0 and < 0.34.2
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime w
8.1HIGH
 CVE-2022-23636
< 0.33.1
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling
5.1MEDIUM
 CVE-2021-39218
>= 0.26.0 and < 0.30.0
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected b
6.3MEDIUM
 CVE-2021-39219
< 0.30.0
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerab
6.3MEDIUM
 CVE-2021-39216
>= 0.19.0 and < 0.30.0
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a u
6.3MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin