Aggregates CVE and security vulnerability intelligence across all webassembly-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk cross-site scripting and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-27115 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. | [email protected] | 5.5 | 0.31% | 2023-03-09 | 2026-06-17 |
| CVE-2022-43283 | wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | [email protected] | 5.5 | 0.27% | 2022-10-28 | 2026-06-17 |
| CVE-2022-43282 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. | [email protected] | 7.1 | 0.30% | 2022-10-28 | 2026-06-17 |
| CVE-2022-43281 | wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. | [email protected] | 7.8 | 0.32% | 2022-10-28 | 2026-06-17 |
| CVE-2022-43280 | wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. | [email protected] | 7.1 | 0.30% | 2022-10-28 | 2026-06-17 |
| CVE-2021-46055 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46054 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46053 | A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46052 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46050 | A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. | [email protected] | 5.5 | 0.68% | 2022-01-10 | 2026-06-17 |
| CVE-2021-46048 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. | [email protected] | 5.5 | 0.70% | 2022-01-10 | 2026-06-17 |
| CVE-2021-45293 | A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. | [email protected] | 5.5 | 0.78% | 2021-12-21 | 2026-06-17 |
| CVE-2021-45290 | A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. | [email protected] | 7.5 | 1.47% | 2021-12-21 | 2026-06-17 |
| CVE-2019-15759 | An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. | [email protected] | 6.5 | 1.25% | 2019-08-28 | 2026-06-16 |
| CVE-2019-15758 | An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. | [email protected] | 6.5 | 1.24% | 2019-08-28 | 2026-06-16 |
| CVE-2019-7704 | wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | [email protected] | 6.5 | 1.16% | 2019-02-10 | 2026-06-16 |
| CVE-2019-7703 | In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge. | [email protected] | 6.5 | 1.46% | 2019-02-10 | 2026-06-16 |
| CVE-2019-7702 | A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | [email protected] | 6.5 | 1.15% | 2019-02-10 | 2026-06-16 |
| CVE-2019-7701 | A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js. | [email protected] | 6.5 | 1.15% | 2019-02-10 | 2026-06-16 |
| CVE-2019-7700 | A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge. | [email protected] | 6.5 | 1.15% | 2019-02-10 | 2026-06-16 |