| CVE-2026-39804 |
high |
— |
8.0 |
|
|
|
28d ago |
Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame |
| CVE-2026-42786 |
high |
— |
8.0 |
|
|
|
28d ago |
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion |
| CVE-2026-39806 |
high |
7.5 |
7.5 |
|
|
|
16d ago |
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder |
| CVE-2026-39803 |
high |
7.5 |
7.5 |
|
|
|
16d ago |
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked` |
| CVE-2026-39805 |
medium |
— |
5.5 |
|
|
|
28d ago |
Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header |
| CVE-2026-39807 |
medium |
— |
5.5 |
|
|
|
28d ago |
Bandit trusts client-supplied URI scheme on plaintext connections |
| CVE-2026-42788 |
medium |
— |
5.5 |
|
|
|
28d ago |
Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion |