Package impact
Hex / bandit
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39805 | medium | — | 5.5 | 28d ago | Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header | |||
| CVE-2026-39807 | medium | — | 5.5 | 28d ago | Bandit trusts client-supplied URI scheme on plaintext connections | |||
| CVE-2026-42788 | medium | — | 5.5 | 28d ago | Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion |