VYPR
Vendor

Webassembly

Products
6
CVEs
46
Across products
47
Status
Private

Products

6

Recent CVEs

46
View all 46 CVEs →
  • CVE-2018-16767HigSep 10, 2018
    risk 0.57cvss 8.8epss 0.01

    In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOp…

  • CVE-2025-15412MedJan 1, 2026
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is…

  • CVE-2025-15411MedJan 1, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the…

  • CVE-2025-14956MedDec 19, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host.…

  • CVE-2025-6275LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the…

  • CVE-2025-6274LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit…

  • CVE-2025-6273LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The…

  • CVE-2026-8257LowMay 11, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached…

  • CVE-2025-14957LowDec 19, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads…

  • CVE-2025-3122Apr 2, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can…

  • CVE-2025-2584Mar 21, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer…

  • CVE-2025-2368Mar 17, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The…

  • CVE-2023-46332Oct 23, 2023
    risk 0.00cvss epss 0.00

    WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.

  • CVE-2023-46331Oct 23, 2023
    risk 0.00cvss epss 0.00

    WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.

  • CVE-2020-18382Aug 22, 2023
    risk 0.00cvss epss 0.01

    Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.

  • CVE-2020-18378Aug 22, 2023
    risk 0.00cvss epss 0.01

    A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.

  • CVE-2023-31670May 23, 2023
    risk 0.00cvss epss 0.01

    An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.

  • CVE-2023-31669May 23, 2023
    risk 0.00cvss epss 0.00

    WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").

  • CVE-2023-27117Mar 10, 2023
    risk 0.00cvss epss 0.00

    WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator.

  • CVE-2023-27116Mar 10, 2023
    risk 0.00cvss epss 0.00

    WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.