auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-34944 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34944 Source advisory: OSV:GHSA-QQFJ-4VCM-26HV...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-34943 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34943 Source advisory: OSV:GHSA-M758-WJHJ-P3JQ...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:RUSTSEC-2026-0020...

OSV-2026-150 Null-dereference READ in wasm_runtime_invoke_native

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=478557340 Crash type: Null-dereference READ Crash state: wasmruntimeinvokenative wasminterpcallwasm wasmcallfunction...

Malicious code in skiko-js-wasm-runtime (npm)

--- -= Per source details. Do not edit below this line.=-...

AZL-66048 CVE-2025-54126 affecting package fluent-bit for versions less than 3.0.6-3

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the symlink creation process. An attacker can create or modify files outside of the intended sandboxed directory by creating a symlink that points to an external directory or file. Note: This is...

AZL-52557 CVE-2024-27532 affecting package fluent-bit for versions less than 2.2.3-6

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

AZL-53175 CVE-2024-25431 affecting package fluent-bit for versions less than 3.1.9-1

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:RUSTSEC-2024-0438...

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

...

Security update for trivy (moderate)

openSUSE Security Update: Security update for trivy Announcement ID: openSUSE-SU-2022:10081-1 Rating: moderate References: Cross-References: CVE-2022-1996 CVSS scores: CVE-2022-1996 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-1996 SUSE: 7.5...