Browse all 11 CVE security advisories affecting WebAssembly. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WebAssembly enables high-performance client-side and server-side applications, commonly used for games, video editing, and computational tasks. Historically, it has faced vulnerabilities like remote code execution, cross-site scripting, and privilege escalation, often stemming from memory corruption flaws and insecure sandbox implementations. While designed with security in mind, allowing sandboxed execution, its interaction with JavaScript and native code has introduced attack vectors. Notable incidents include memory safety issues in early implementations and vulnerabilities in runtimes that could bypass security restrictions. With 10 CVEs recorded, security remains a focus area as adoption grows.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15412 | WebAssembly wabt wasm-decompile VarName out-of-bounds — wabtCWE-125 | 5.3 | Medium | 2026-01-01 |
| CVE-2025-15411 | WebAssembly wabt wasm-decompile InsertNode memory corruption — wabtCWE-119 | 5.3 | Medium | 2026-01-01 |
| CVE-2025-6275 | WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free — wabtCWE-416 | 3.3 | Low | 2025-06-19 |
| CVE-2025-6274 | WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption — wabtCWE-400 | 3.3 | Low | 2025-06-19 |
| CVE-2025-6273 | WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion — wabtCWE-617 | 3.3 | Low | 2025-06-19 |
| CVE-2025-3122 | WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference — wabtCWE-476 | 3.1 | Low | 2025-04-02 |
| CVE-2025-2584 | WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow — wabtCWE-122 | 5.0 | Medium | 2025-03-21 |
| CVE-2025-2368 | WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow — wabtCWE-122 | 6.3 | Medium | 2025-03-17 |
This page lists every published CVE security advisory associated with WebAssembly. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.