HIGH 7.5 crates.io
GHSA-2r75-cxrj-cmph · CVE-2026-47261, RUSTSEC-2026-0149 wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
Modified: 6/9/2026
package
crates.io / wasmtime-wasi
pkg:crates.io/wasmtime-wasi
LOW 3.5 crates.io
GHSA-fm79-3f68-h2fc · CVE-2025-53901, RUSTSEC-2025-0046 Wasmtime CLI is vulnerable to host panic through its fd_renumber function
Modified: 2/4/2026
HIGH 7.5 crates.io
RUSTSEC-2026-0149 · CVE-2026-47261, GHSA-2r75-cxrj-cmph WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
Modified: 5/22/2026
— crates.io
RUSTSEC-2026-0182 · GHSA-3p27-qvp9-27qf Leak in WASIp1 `fd_renumber` implementation
Modified: 6/15/2026