- Notifications
You must be signed in to change notification settings - Fork1.6k
Security: bytecodealliance/wasmtime
Security
SECURITY.md
Please refer to theBytecode Alliance securitypolicy for details on our disclosure policy and how to receivenotifications about security issues.
For classification of what is and what isn't a security issue please see ouronlinedocumentationon the subject.
To report a vulnerability, navigate to thesecuritytab and click the greenReport a Vulnerability button, or usethis direct link to the reporting form.
- Unsound API access to a WebAssembly shared linear memoryGHSA-hc7m-r6v8-hg9q published
Nov 11, 2025 byalexcrichtonLow - Possible host crash with host-to-wasm component intrinsicsGHSA-4h67-722j-5pmc published
Oct 24, 2025 byalexcrichtonLow - Memory leak in C API with `externref` and `anyref` typesGHSA-vvp9-h8p2-xwfc published
Oct 7, 2025 byalexcrichtonLow - Host panic with `fd_renumber` WASIp1 functionGHSA-fm79-3f68-h2fc published
Jul 18, 2025 bypchickeyLow - Wasmtime doesn't fully sandbox all the Windows device filenamesGHSA-c2f5-jxjv-2hh8 published
Nov 5, 2024 bysunfishcodeLow - Race condition could lead to WebAssembly control-flow integrity and type safety violationsGHSA-7qmx-3fpx-r45m published
Oct 9, 2024 byalexcrichtonLow - Runtime crash when combining tail calls with stack tracesGHSA-q8hx-mm92-4wvg published
Oct 9, 2024 byalexcrichtonModerate - Panic when using a dropped extenref-typed element segmentGHSA-75hq-h6g9-h4q5 published
Apr 2, 2024 byalexcrichtonLow - Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64GHSA-gw5p-q8mj-p7gh published
Sep 14, 2023 byalexcrichtonLow - Undefined Behavior in Rust runtime functionsGHSA-ch89-5g45-qwc7 published
Apr 27, 2023 byalexcrichtonLow
Learn more about advisories related tobytecodealliance/wasmtime in theGitHub Advisory Database