Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/64777?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64777?format=api", "purl": "pkg:pypi/brotli@1.2.0", "type": "pypi", "namespace": "", "name": "brotli", "version": "1.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22199?format=api", "vulnerability_id": "VCID-dc1m-rt7j-w3af", "summary": "Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation\nScrapy versions up to 2.13.3 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression. Mitigation for this vulnerability needs security enhancement added in brotli v1.2.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08068", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08092", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08008", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09763", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09633", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09795", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176" }, { "reference_url": "https://github.com/google/brotli", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli" }, { "reference_url": "https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627" }, { "reference_url": "https://github.com/google/brotli/issues/1327", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/issues/1327" }, { "reference_url": "https://github.com/google/brotli/issues/1375", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/issues/1375" }, { "reference_url": "https://github.com/google/brotli/pull/1234", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/pull/1234" }, { "reference_url": "https://github.com/google/brotli/releases/tag/v1.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/releases/tag/v1.2.0" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da" }, { "reference_url": "https://github.com/scrapy/scrapy/pull/7134", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/pull/7134" }, { "reference_url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/" } ], "url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762", "reference_id": "2408762", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176", "reference_id": "CVE-2025-6176", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176" }, { "reference_url": "https://github.com/advisories/GHSA-2qfp-q593-8484", "reference_id": "GHSA-2qfp-q593-8484", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qfp-q593-8484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0008", "reference_id": "RHSA-2026:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0845", "reference_id": "RHSA-2026:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2042", "reference_id": "RHSA-2026:2042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2226", "reference_id": "RHSA-2026:2226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2227", "reference_id": "RHSA-2026:2227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2228", "reference_id": "RHSA-2026:2228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2229", "reference_id": "RHSA-2026:2229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2389", "reference_id": "RHSA-2026:2389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2399", "reference_id": "RHSA-2026:2399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2400", "reference_id": "RHSA-2026:2400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2401", "reference_id": "RHSA-2026:2401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2455", "reference_id": "RHSA-2026:2455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2800", "reference_id": "RHSA-2026:2800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2844", "reference_id": "RHSA-2026:2844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2974", "reference_id": "RHSA-2026:2974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2976", "reference_id": "RHSA-2026:2976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3392", "reference_id": "RHSA-2026:3392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3406", "reference_id": "RHSA-2026:3406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3415", "reference_id": "RHSA-2026:3415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3417", "reference_id": "RHSA-2026:3417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3861", "reference_id": "RHSA-2026:3861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4419", "reference_id": "RHSA-2026:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4465", "reference_id": "RHSA-2026:4465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4465" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64777?format=api", "purl": "pkg:pypi/brotli@1.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/brotli@1.2.0" } ], "aliases": [ "CVE-2025-6176", "GHSA-2qfp-q593-8484" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1m-rt7j-w3af" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/brotli@1.2.0" }