Safe binary execution is a crucial requirement in to- day's security-critical computing infrastructures. WebAssem- bly is an emerging language designed for safe binary execution that has been deployed in many security-critical domains, such as blockchain, edge computing, and clouds. However, WebAssembly's security guarantee is not a panacea, and recent studies have revealed a large spectrum of security issues such as integer overflows and memory vulnerabilities, leading to serious security hazards to WebAssembly applications. In this paper, we present Wasmdypa, the first automated bug detection framework for WebAssembly programs based on dynamic program analysis with three primary components: 1) an input generator for WebAssembly binaries; 2) static instrumentation hooks with extensible interfaces to record runtime information; and 3) dynamic program analysis al- gorithms as security plugins to detect vulnerabilities. We have implemented a software prototype for Wasmdypa, and have conducted experiments to evaluate the effectiveness, usefulness, performance of our approach. The experimental results demonstrated that WASMDYPA can accurately detect vulnerabilities with an 88.24% precision and a 93.75% recall. Furthermore, WASMDYPA detected 56 bugs in real-world WebAssembly programs, including 2 integer overflows and 54 memory bugs.