GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
6 advisories
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder
High
CVE-2026-39806
was published
for
bandit
(Erlang)
May 19, 2026
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
High
CVE-2026-39803
was published
for
bandit
(Erlang)
May 19, 2026
Bandit trusts client-supplied URI scheme on plaintext connections
Moderate
CVE-2026-39807
was published
for
bandit
(Erlang)
May 7, 2026
Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header
Moderate
CVE-2026-39805
was published
for
bandit
(Erlang)
May 7, 2026
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion
High
CVE-2026-42786
was published
for
bandit
(Erlang)
May 7, 2026
Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame
High
CVE-2026-39804
was published
for
bandit
(Erlang)
May 7, 2026
ProTip!
Advisories are also available from the
GraphQL API