GHSA-M758-WJHJ-P3JQ Wasmtime has a possible panic when lifting `flags` component value

Impact Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This pani...

CVE-2026-34943 Wasmtime panics when lifting `flags` component value

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

CVE-2026-27887 Spin has memory leaks in various WIT interfaces

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

CVE-2026-27887

CVE-2026-27887 affects Spin and related components where buffering an entire response from a database or HTTP server can exhaust host memory, causing panics/crashes. The issue arises when a guest app inserts large numbers of rows or large content bodies and Spin buffers the full response before d...