Aggregates CVE and security vulnerability intelligence across all wasm3_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact memory corruption and vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-15572 | A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment. | [email protected] | 1.9 | 0.01% | 2026-02-10 | 2026-04-29 |
| CVE-2025-15413 | A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has no active maintainer at the moment. | [email protected] | 1.9 | 0.01% | 2026-01-01 | 2026-04-29 |
| CVE-2025-6272 | A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.06% | 2025-06-19 | 2026-04-29 |
| CVE-2024-27530 | wasm3 139076a contains a Use-After-Free in ForEachModule. | [email protected] | 8.4 | 0.12% | 2024-11-08 | 2025-06-24 |
| CVE-2024-27529 | wasm3 139076a contains memory leaks in Read_utf8. | [email protected] | 8.4 | 0.18% | 2024-11-08 | 2025-06-24 |
| CVE-2024-27528 | wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution. | [email protected] | 8.4 | 0.13% | 2024-11-08 | 2025-06-24 |
| CVE-2024-27527 | wasm3 139076a is vulnerable to Denial of Service (DoS). | [email protected] | 7.5 | 0.26% | 2024-11-08 | 2025-06-24 |
| CVE-2024-34246 | wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c. | [email protected] | 7.5 | 0.55% | 2024-05-06 | 2025-04-16 |
| CVE-2024-34252 | wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c. | [email protected] | 7.5 | 0.48% | 2024-05-06 | 2025-04-16 |
| CVE-2024-34249 | wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c. | [email protected] | 9.8 | 1.07% | 2024-05-06 | 2025-04-16 |
| CVE-2022-44874 | wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h. | [email protected] | 5.5 | 0.13% | 2022-12-13 | 2025-04-22 |
| CVE-2022-39974 | WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h. | [email protected] | 7.5 | 0.29% | 2022-09-20 | 2025-05-28 |
| CVE-2022-34529 | WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill. | [email protected] | 5.5 | 0.02% | 2022-07-27 | 2024-11-21 |
| CVE-2022-28990 | WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. | [email protected] | 7.8 | 0.11% | 2022-05-20 | 2024-11-21 |
| CVE-2022-28966 | Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c). | [email protected] | 5.5 | 0.14% | 2022-04-16 | 2024-11-21 |
| CVE-2021-45947 | Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from EvaluateExpression and InitDataSegments). | [email protected] | 5.5 | 0.05% | 2022-01-01 | 2024-11-21 |
| CVE-2021-45946 | Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Compile_LoopOrBlock and CompileBlockStatements). | [email protected] | 5.5 | 0.05% | 2022-01-01 | 2024-11-21 |
| CVE-2021-45929 | Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from CompileElseBlock and Compile_If). | [email protected] | 5.5 | 0.05% | 2022-01-01 | 2024-11-21 |
| CVE-2021-38592 | Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). | [email protected] | 7.5 | 0.30% | 2021-08-12 | 2024-11-21 |