Package impact
Hex / bandit
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39804 | high | — | 8.0 | 28d ago | Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame | |||
| CVE-2026-42786 | high | — | 8.0 | 28d ago | Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion | |||
| CVE-2026-39806 | high | 7.5 | 7.5 | 17d ago | Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder | |||
| CVE-2026-39803 | high | 7.5 | 7.5 | 17d ago | Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked` |