GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding
Moderate
CVE-2026-34941
was published
for
wasmtime
(Rust)
Apr 9, 2026
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64
Moderate
CVE-2026-34944
was published
for
wasmtime
(Rust)
Apr 9, 2026
Wasmtime has host data leakage with 64-bit tables and Winch
Low
CVE-2026-34945
was published
for
wasmtime
(Rust)
Apr 9, 2026
Wasmtime has host panic when Winch compiler executes `table.fill`
Moderate
CVE-2026-34946
was published
for
wasmtime
(Rust)
Apr 9, 2026
Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift
Critical
CVE-2026-34971
was published
for
wasmtime
(Rust)
Apr 9, 2026
Wasmtime has data leakage between pooling allocator instances
Low
CVE-2026-34988
was published
for
wasmtime
(Rust)
Apr 9, 2026
Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access
Critical
CVE-2026-34987
was published
for
wasmtime
(Rust)
Apr 10, 2026
Wasmtime has improperly masked return value from `table.grow` with Winch compiler backend
Moderate
CVE-2026-35186
was published
for
wasmtime
(Rust)
Apr 10, 2026
wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
High
CVE-2026-47261
was published
for
wasmtime-wasi
(Rust)
Jun 5, 2026
ProTip!
Advisories are also available from the
GraphQL API