Bytecodealliance Wasmtime Vulnerabilities

Memory Leak Vulnerabilities in Wasmtime Runtime for WebAssembly

CVE-2025-61670

BytecodeallianceWasmtime1LOW

WebAssembly Runtime Vulnerability in Wasmtime by Bytecode Alliance

CVE-2025-53901

BytecodeallianceWasmtime3.5LOW

Patch Releases Issued for Wasmtime to Address Sandbox Bypass Vulnerability

CVE-2024-51745

BytecodeallianceWasmtime

Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

CVE-2023-41880

BytecodeallianceWasmtime2.2LOW

Wasmtime has Undefined Behavior in Rust runtime functions

CVE-2023-30624

BytecodeallianceWasmtime3.9LOW

Guest-controlled out-of-bounds read/write on x86_64 in wasmtime

CVE-2023-26489

BytecodeallianceWasmtime10CRITICAL

Code Generation Bug in Wasmtime Affects WebAssembly on x86_64 Platforms

CVE-2023-27477

BytecodeallianceWasmtime3.1LOW

Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration

CVE-2022-39392

BytecodeallianceWasmtime5.9MEDIUM

Wasmtime vulnerable to data leakage between instances in the pooling allocator

CVE-2022-39393

BytecodeallianceWasmtime8.6HIGH

wasmtime_trap_code C API function has out of bounds write vulnerability

CVE-2022-39394

BytecodeallianceWasmtime3.8LOW

Cranelift vulnerable to miscompilation of constant values in division on AArch64

CVE-2022-31169

BytecodeallianceWasmtime5.9MEDIUM

Use After Free in Wasmtime

CVE-2022-31146

BytecodeallianceWasmtime6.4MEDIUM

Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime

CVE-2022-31104

BytecodeallianceWasmtime4.8MEDIUM

Use after free in Wasmtime

CVE-2022-24791

BytecodeallianceWasmtime8.1HIGH

Invalid drop of partially-initialized instances in wasmtime

CVE-2022-23636

BytecodeallianceWasmtime5.1MEDIUM

Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime

CVE-2021-39218

BytecodeallianceWasmtime6.3MEDIUM

Wrong type for `Linker`-define functions when used across two `Engine`s

CVE-2021-39219

BytecodeallianceWasmtime6.3MEDIUM

Use after free passing `externref`s to Wasm in Wasmtime

CVE-2021-39216

BytecodeallianceWasmtime6.3MEDIUM

Memory access due to code generation flaw in Cranelift module

CVE-2021-32629

BytecodeallianceWasmtime7.2HIGH

bytecodealliance Wasmtime Vulnerabilities

Vulnerability Published:

Sort By:

7 October 2025

Memory Leak Vulnerabilities in Wasmtime Runtime for WebAssembly

18 July 2025

WebAssembly Runtime Vulnerability in Wasmtime by Bytecode Alliance

5 November 2024

Patch Releases Issued for Wasmtime to Address Sandbox Bypass Vulnerability

15 September 2023

Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

27 April 2023

Wasmtime has Undefined Behavior in Rust runtime functions

8 March 2023

Guest-controlled out-of-bounds read/write on x86_64 in wasmtime

Code Generation Bug in Wasmtime Affects WebAssembly on x86_64 Platforms

10 November 2022

Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration

Wasmtime vulnerable to data leakage between instances in the pooling allocator

wasmtime_trap_code C API function has out of bounds write vulnerability

22 July 2022

Cranelift vulnerable to miscompilation of constant values in division on AArch64

21 July 2022

Use After Free in Wasmtime

28 June 2022

Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime

31 March 2022

Use after free in Wasmtime

16 February 2022

Invalid drop of partially-initialized instances in wasmtime

17 September 2021

Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime

Wrong type for `Linker`-define functions when used across two `Engine`s

Use after free passing `externref`s to Wasm in Wasmtime

24 May 2021

Memory access due to code generation flaw in Cranelift module