VYPR

rpm package

opensuse/tree-sitter&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/tree-sitter&distro=openSUSE%20Tumbleweed

Vulnerabilities (6)

  • CVE-2026-44216HigMay 14, 2026
    affected < 0.26.8-3.1fixed 0.26.8-3.1

    Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely larg

  • CVE-2026-35186HigApr 9, 2026
    affected < 0.26.8-2.1fixed 0.26.8-2.1

    Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the opera

  • CVE-2026-34988MedApr 9, 2026
    affected < 0.26.8-2.1fixed 0.26.8-2.1

    Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation

  • CVE-2026-34945MedApr 9, 2026
    affected < 0.26.8-1.1fixed 0.26.8-1.1

    Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosi

  • CVE-2026-34943HigApr 9, 2026
    affected < 0.26.8-2.1fixed 0.26.8-2.1

    Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies

  • CVE-2026-34941HigApr 9, 2026
    affected < 0.26.8-2.1fixed 0.26.8-2.1

    Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when perform