Bytecodealliance Wasmtime
41 CVEs affecting Bytecodealliance Wasmtime. Latest disclosed: 2026-05-14. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-26489 | Critical | 10.0 | 2023-03-08 | wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mod… |
CVE-2022-39393 | High | 8.6 | 2022-11-10 | Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance alloca… |
CVE-2022-24791 | High | 8.1 | 2022-03-31 | Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that us… |
CVE-2026-44216 | High | 7.5 | 2026-05-14 | Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithme… |
CVE-2021-32629 | High | 7.2 | 2021-05-24 | Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable mach… |
CVE-2022-31146 | Medium | 6.4 | 2022-07-20 | Wasmtime is a standalone runtime for WebAssembly. There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be inco… |
CVE-2021-39218 | Medium | 6.3 | 2021-09-17 | Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulner… |
CVE-2021-39219 | Medium | 6.3 | 2021-09-17 | Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the… |
CVE-2021-39216 | Medium | 6.3 | 2021-09-17 | Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passin… |
CVE-2022-39392 | Medium | 5.9 | 2022-11-10 | Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when th… |
CVE-2022-31169 | Medium | 5.9 | 2022-07-21 | Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can resul… |
CVE-2024-47763 | Medium | 5.5 | 2024-10-09 | Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime cras… |
CVE-2022-23636 | Medium | 5.1 | 2022-02-16 | Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtim… |
CVE-2022-31104 | Medium | 4.8 | 2022-06-27 | Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two d… |
CVE-2023-30624 | Low | 3.9 | 2023-04-27 | Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as… |
CVE-2022-39394 | Low | 3.8 | 2022-11-10 | Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmti… |
CVE-2025-53901 | Low | 3.5 | 2025-07-18 | Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions c… |
CVE-2024-30266 | Low | 3.3 | 2024-04-04 | wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAsse… |
CVE-2023-27477 | Low | 3.1 | 2023-03-08 | wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16… |
CVE-2024-47813 | Low | 2.9 | 2024-10-09 | Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`'s internal type registry was susceptible to… |