Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/brotli@1.2.0-3?distro=trixie

Type deb

Namespace debian

Name brotli

Version 1.2.0-3

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5k7n-7c84-gkfx

vulnerability_id VCID-5k7n-7c84-gkfx

summary

Multiple vulnerabilities have been found in the Chromium web
    browser, the worst of which allows remote attackers to execute arbitrary
    code.

references

reference_url	http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html
reference_id
reference_type
scores
url	http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0241.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0241.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1624.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1624.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1624

reference_id

reference_type

scores

value	0.01418
scoring_system	epss
scoring_elements	0.80602
published_at	2026-04-16T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80581
published_at	2026-04-12T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80574
published_at	2026-04-13T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80519
published_at	2026-04-01T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80525
published_at	2026-04-02T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80547
published_at	2026-04-04T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80539
published_at	2026-04-07T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80568
published_at	2026-04-08T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80578
published_at	2026-04-09T12:55:00Z

value	0.01418
scoring_system	epss
scoring_elements	0.80595
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1624

reference_url	https://code.google.com/p/chromium/issues/detail?id=583607
reference_id
reference_type
scores
url	https://code.google.com/p/chromium/issues/detail?id=583607

reference_url	https://codereview.chromium.org/1662313002
reference_id
reference_type
scores
url	https://codereview.chromium.org/1662313002

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1623
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1624
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1624

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1628
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1628

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1629
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1629

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	http://www.debian.org/security/2016/dsa-3486
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3486

reference_url	http://www.securityfocus.com/bid/83125
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/83125

reference_url	http://www.securitytracker.com/id/1035183
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035183

reference_url	http://www.ubuntu.com/usn/USN-2895-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2895-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1306154
reference_id	1306154
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1306154

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817233
reference_id	817233
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817233

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
reference_id	cpe:2.3:a:google:chrome::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1624

reference_id

CVE-2016-1624

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1624

reference_url	https://security.gentoo.org/glsa/201603-09
reference_id	GLSA-201603-09
reference_type
scores
url	https://security.gentoo.org/glsa/201603-09

reference_url	https://access.redhat.com/errata/RHSA-2016:0241
reference_id	RHSA-2016:0241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0241

reference_url	https://usn.ubuntu.com/2895-1/
reference_id	USN-2895-1
reference_type
scores
url	https://usn.ubuntu.com/2895-1/

fixed_packages

url	pkg:deb/debian/brotli@0.3.0%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/brotli@0.3.0%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@0.3.0%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.0.9-2?distro=trixie
purl	pkg:deb/debian/brotli@1.0.9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.0.9-2%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.1.0-2?distro=trixie
purl	pkg:deb/debian/brotli@1.1.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.1.0-2%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.2.0-3?distro=trixie
purl	pkg:deb/debian/brotli@1.2.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.2.0-3%3Fdistro=trixie

aliases CVE-2016-1624

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5k7n-7c84-gkfx

url VCID-69ua-s6h2-3uhc

vulnerability_id VCID-69ua-s6h2-3uhc

summary A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36846

reference_id

reference_type

scores

value	0.0054
scoring_system	epss
scoring_elements	0.67663
published_at	2026-04-11T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67651
published_at	2026-04-16T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67576
published_at	2026-04-07T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.6754
published_at	2026-04-01T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67627
published_at	2026-04-08T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67598
published_at	2026-04-04T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.6764
published_at	2026-04-09T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67649
published_at	2026-04-12T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67617
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36846

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8927

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54065
published_at	2026-04-01T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54184
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54146
published_at	2026-04-13T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54167
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54185
published_at	2026-04-11T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54135
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54138
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54086
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54112
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54083
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/bitemyapp/brotli2-rs

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bitemyapp/brotli2-rs

reference_url

https://github.com/bitemyapp/brotli2-rs/issues/45

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bitemyapp/brotli2-rs/issues/45

reference_url

https://github.com/github/advisory-database/issues/785

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/issues/785

reference_url

https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/

url

https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6

reference_url

https://github.com/google/brotli/releases/tag/v1.0.8

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/brotli/releases/tag/v1.0.8

reference_url

https://github.com/google/brotli/releases/tag/v1.0.9

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/brotli/releases/tag/v1.0.9

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8927

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8927

reference_url

https://rustsec.org/advisories/RUSTSEC-2021-0131.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2021-0131.html

reference_url

https://rustsec.org/advisories/RUSTSEC-2021-0132.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2021-0132.html

reference_url

https://usn.ubuntu.com/4568-1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4568-1

reference_url	https://usn.ubuntu.com/4568-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4568-1/

reference_url

https://www.debian.org/security/2020/dsa-4801

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2020/dsa-4801

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1879225
reference_id	1879225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1879225

reference_url

https://github.com/google/brotli/pull/826

reference_id

826

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/

url

https://github.com/google/brotli/pull/826

reference_url	https://security.archlinux.org/ASA-202009-12
reference_id	ASA-202009-12
reference_type
scores
url	https://security.archlinux.org/ASA-202009-12

reference_url	https://security.archlinux.org/ASA-202009-13
reference_id	ASA-202009-13
reference_type
scores
url	https://security.archlinux.org/ASA-202009-13

reference_url

https://security.archlinux.org/AVG-1230

reference_id

AVG-1230

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1230

reference_url

https://security.archlinux.org/AVG-1231

reference_id

AVG-1231

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1231

reference_url

https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52

reference_id

Changes#L52

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/

url

https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52

reference_url

https://github.com/advisories/GHSA-5v8v-66v8-mwm7

reference_id

GHSA-5v8v-66v8-mwm7

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/

url

https://github.com/advisories/GHSA-5v8v-66v8-mwm7

reference_url	https://access.redhat.com/errata/RHSA-2021:1702
reference_id	RHSA-2021:1702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1702

reference_url	https://access.redhat.com/errata/RHSA-2022:0827
reference_id	RHSA-2022:0827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0827

reference_url	https://access.redhat.com/errata/RHSA-2022:0828
reference_id	RHSA-2022:0828
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0828

reference_url	https://access.redhat.com/errata/RHSA-2022:0829
reference_id	RHSA-2022:0829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0829

reference_url	https://access.redhat.com/errata/RHSA-2022:0830
reference_id	RHSA-2022:0830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0830

fixed_packages

url	pkg:deb/debian/brotli@1.0.9-1?distro=trixie
purl	pkg:deb/debian/brotli@1.0.9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.0.9-1%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.0.9-2?distro=trixie
purl	pkg:deb/debian/brotli@1.0.9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.0.9-2%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.1.0-2?distro=trixie
purl	pkg:deb/debian/brotli@1.1.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.1.0-2%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.2.0-3?distro=trixie
purl	pkg:deb/debian/brotli@1.2.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.2.0-3%3Fdistro=trixie

aliases BIT-brotli-2020-8927, BIT-dotnet-2020-8927, BIT-dotnet-sdk-2020-8927, BIT-powershell-2020-8927, CVE-2020-36846, CVE-2020-8927, GHSA-5v8v-66v8-mwm7, GO-2025-3726, PYSEC-2020-29, RUSTSEC-2021-0131, RUSTSEC-2021-0132

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69ua-s6h2-3uhc

url VCID-ywys-vj5p-ubbe

vulnerability_id VCID-ywys-vj5p-ubbe

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1968.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1968.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1968

reference_id

reference_type

scores

value	0.01806
scoring_system	epss
scoring_elements	0.82855
published_at	2026-04-16T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82751
published_at	2026-04-01T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82809
published_at	2026-04-09T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82826
published_at	2026-04-11T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82821
published_at	2026-04-12T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82816
published_at	2026-04-13T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82767
published_at	2026-04-02T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82781
published_at	2026-04-04T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82778
published_at	2026-04-07T12:55:00Z

value	0.01806
scoring_system	epss
scoring_elements	0.82804
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1968

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1246742
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1246742

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-30.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-30.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315777
reference_id	1315777
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315777

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817233
reference_id	817233
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817233

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1968
reference_id	CVE-2016-1968
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1968

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1968

reference_id

CVE-2016-1968

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1968

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-30

reference_id

mfsa2016-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-30

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

fixed_packages

url	pkg:deb/debian/brotli@0.3.0%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/brotli@0.3.0%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@0.3.0%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.0.9-2?distro=trixie
purl	pkg:deb/debian/brotli@1.0.9-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.0.9-2%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.1.0-2?distro=trixie
purl	pkg:deb/debian/brotli@1.1.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.1.0-2%3Fdistro=trixie

url	pkg:deb/debian/brotli@1.2.0-3?distro=trixie
purl	pkg:deb/debian/brotli@1.2.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.2.0-3%3Fdistro=trixie

aliases CVE-2016-1968

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ywys-vj5p-ubbe

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/brotli@1.2.0-3%3Fdistro=trixie

Package Instance