pkg:Hex/bandit

7 total CVEs

✅ Check your installed version

All known vulnerabilities

  • CVE-2026-39806Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder
    >= 1.6.0, < 1.11.1
  • CVE-2026-39803Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
    >= 1.4.0, < 1.11.1
  • CVE-2026-42788Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion
    >= 0.3.5, < 1.11.0
  • CVE-2026-39807Bandit trusts client-supplied URI scheme on plaintext connections
    >= 1.0.0, < 1.11.0
  • CVE-2026-39805Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header
    from 0, < 1.11.0
  • CVE-2026-42786Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion
    >= 0.5.0, < 1.11.0
  • CVE-2026-39804Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame
    >= 0.5.8, < 1.11.0