Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo wasmtime Security Advisories

Loading...
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerability
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 9 months ago
Low
GSA_kwCzR0hTQS1jaDg5LTVnNDUtcXdjN84AAy_z
Undefined Behavior in Rust runtime functions
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mZjRwLTd4cnEtcTVyOM4AAyAY
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14bTY3LTU4N3EtcjJ2d84AAyAX
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS13aDZ3LTM4MjgtZzlxZs4AAv0W
Wasmtime may have data leakage between instances in the pooling allocator
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NG1yLTh2bW0td2poZ84AAv0V
Wasmtime out of bounds read/write with zero-memory-pages configuration
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03ZjZ4LWp3aDUtbTlyNM4AAtkN
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ZmhqLWczcDMtcHE5Z84AAtg8
Wasmtime vulnerable to Use After Free with `externref`s
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcXdjLWM0OXItNHcyeM4AAtBw
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nd2M5LTM0OHgtcXd2Ms03ng
Use after free in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04OHhxLXc4Y3EteGZnN80sbg
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xODc5LTlnOTUtNTZteM0V3Q
Wrong type for `Linker`-define functions when used across two `Engine`s
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00ODczLTM2aDktd3Y0Oc0V3A
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12NGNwLWg5NHItbTd4Zs0V2w
Use after free passing `externref`s to Wasm in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 2 years ago
Statistics
Advisories: 18,946
Packages: 8,441
Repositories: 1
Ecosystems: 12
Filter by Package
openssl-src 26 ckb 22 wasmtime 16 rusqlite 16 deno 12 surrealdb 8 openssl 7 libpulse-binding 7 hyper 7 cranelift-codegen 6 smallvec 6 Simple-Wayland-HotKey-Daemon 6 sized-chunks 6 frontier 5 lock_api 5 xcb 5 comrak 5 messagepack-rs 5 tauri 5 cargo 5 bottlerocket/update-operator 5 deno_runtime 4 apollo-router 4 evm 4 tokio 4 pleaser 4 tremor-script 4 actix-web 4 raw-cpuid 4 crossbeam-channel 3 ursa 3 nanorand 3 slice-deque 3 s2n-quic 3 anoncreds-clsignatures 3 arrow 3 crossbeam 3 h2 3 ammonia 3 apache-avro 3 arr 3 solana_rbpf 3 routinator 3 grin 3 id-map 3 gitoxide 3 cgc 3 quiche 3 fltk 3 tough 3 flatbuffers 3 acc_reader 3 gix 3 futures-util 2 v9 2 gfx-auxil 2 signal-simple 2 tiny_future 2 derive-com-impl 2 bite 2 parc 2 binjs_io 2 simple-slab 2 vm-memory 2 pywasm3 2 internment 2 lru 2 multiqueue 2 libp2p-core 2 abi_stable 2 metrics-util 2 memoffset 2 libgit2-sys 2 tar 2 vec-const 2 ordnung 2 inventory 2 rocket 2 reorder 2 pnet 2 arti 2 failure 2 tor-circmgr 2 ozone 2 streebog 2 bumpalo 2 rust-embed 2 rdiff 2 crayon 2 traitobject 2 rsa 2 csv-sniffer 2 opcua 2 ticketed_lock 2 cache 2 rulex 2 arenavec 2 buffoon 2 bronzedb-protocol 2 mopa 2 flumedb 2 Deno 2 gix-index 2 gitoxide-core 2 gix-worktree 2 gix-fs 2 gix-worktree-state 2 russh 2 hyper-staticfile 2 http 2 abomonation 2 sodiumoxide 2 syncpool 2 slock 2 actix-http 2 ntpd 2 columnar 2 crypto2 2 generator 2 libsecp256k1 2 matrix-sdk-crypto 2 array-macro 2 ash 2 tectonic_xdv 2 ncurses 2 oqs 2 mio 2 evm-core 2 futures-task 2 simple_asn1 2 image 2 sha2 2 slack-morphism 2 async-h1 2 stack_dst 2 toodee 2 trust-dns-server 2 lettre 2 spin 2 tower-http 2 wasm3 2 zerocopy 2 net2 2 svix 2 rand_core 2 coreos-installer 2 nix 2 gix-transport 2 molecule 2 Pillow 1 github.com/chai2010/webp 1 simd-json 1 SkiaSharp 1 endian_trait 1 electron 1 libwebp-sys 1 cookie 1 stackvector 1 libwebp-sys2 1 orion 1 bam 1 totp-rs 1 diesel 1 actix-utils 1 pancurses 1 beef 1 ouroboros 1 model 1 async-coap 1 bigint 1 noise_search 1 serde_v8 1 magick.net-q8-x64 1 magick.net-q8-openmp-x64 1 magick.net-q8-anycpu 1 better-macro 1 magick.net-q16-x64 1 parse_duration 1 xml-rs 1 magick.net-q16-hdri-anycpu 1 magick.net-q16-anycpu 1 mail-internals 1 paramiko 1 trillium-http 1 trillium-client 1 snow 1 lzf 1 wasmi 1 golang.org/x/crypto 1 whoami 1 transpose 1 libdav1d-sys 1 vmm-sys-util 1 cyfs-base 1 spin-sdk 1 rmp-serde 1 self_cell 1 vodozemac 1 stack 1 tungstenite 1