Browse all 11 CVE security advisories affecting WebAssembly. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WebAssembly enables high-performance client-side and server-side applications, commonly used for games, video editing, and computational tasks. Historically, it has faced vulnerabilities like remote code execution, cross-site scripting, and privilege escalation, often stemming from memory corruption flaws and insecure sandbox implementations. While designed with security in mind, allowing sandboxed execution, its interaction with JavaScript and native code has introduced attack vectors. Notable incidents include memory safety issues in early implementations and vulnerabilities in runtimes that could bypass security restrictions. With 10 CVEs recorded, security remains a focus area as adoption grows.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-8257 | WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn assertion — BinaryenCWE-617 | 3.3 | Low | 2026-05-11 |
| CVE-2025-14957 | WebAssembly Binaryen IRBuilder wasm-ir-builder.cpp makeLocalTee null pointer dereference — BinaryenCWE-476 | 3.3 | Low | 2025-12-19 |
| CVE-2025-14956 | WebAssembly Binaryen wasm-binary.cpp readExport heap-based overflow — BinaryenCWE-122 | 5.3 | Medium | 2025-12-19 |
This page lists every published CVE security advisory associated with WebAssembly. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.