Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/brotli@1.0.6-4?arch=el8_4
Typerpm
Namespaceredhat
Namebrotli
Version1.0.6-4
Qualifiers
arch el8_4
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-dc1m-rt7j-w3af
vulnerability_id VCID-dc1m-rt7j-w3af
summary 
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression. Mitigation for this vulnerability needs security enhancement added in brotli v1.2.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6176
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08047
published_at 2026-04-04T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08092
published_at 2026-04-09T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08068
published_at 2026-04-08T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.08
published_at 2026-04-02T12:55:00Z
4
value 0.00028
scoring_system epss
scoring_elements 0.08008
published_at 2026-04-07T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09747
published_at 2026-04-13T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09605
published_at 2026-04-18T12:55:00Z
7
value 0.00033
scoring_system epss
scoring_elements 0.09633
published_at 2026-04-16T12:55:00Z
8
value 0.00033
scoring_system epss
scoring_elements 0.09795
published_at 2026-04-11T12:55:00Z
9
value 0.00033
scoring_system epss
scoring_elements 0.09763
published_at 2026-04-12T12:55:00Z
10
value 0.00037
scoring_system epss
scoring_elements 0.11087
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6176
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176
3
reference_url https://github.com/google/brotli
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli
4
reference_url https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627
5
reference_url https://github.com/google/brotli/issues/1327
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/issues/1327
6
reference_url https://github.com/google/brotli/issues/1375
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/issues/1375
7
reference_url https://github.com/google/brotli/pull/1234
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/pull/1234
8
reference_url https://github.com/google/brotli/releases/tag/v1.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/releases/tag/v1.2.0
9
reference_url https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da
10
reference_url https://github.com/scrapy/scrapy/pull/7134
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/pull/7134
11
reference_url https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/
url https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2408762
reference_id 2408762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2408762
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6176
reference_id CVE-2025-6176
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6176
14
reference_url https://github.com/advisories/GHSA-2qfp-q593-8484
reference_id GHSA-2qfp-q593-8484
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qfp-q593-8484
15
reference_url https://access.redhat.com/errata/RHSA-2026:0008
reference_id RHSA-2026:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0008
16
reference_url https://access.redhat.com/errata/RHSA-2026:0845
reference_id RHSA-2026:0845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0845
17
reference_url https://access.redhat.com/errata/RHSA-2026:2042
reference_id RHSA-2026:2042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2042
18
reference_url https://access.redhat.com/errata/RHSA-2026:2226
reference_id RHSA-2026:2226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2226
19
reference_url https://access.redhat.com/errata/RHSA-2026:2227
reference_id RHSA-2026:2227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2227
20
reference_url https://access.redhat.com/errata/RHSA-2026:2228
reference_id RHSA-2026:2228
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2228
21
reference_url https://access.redhat.com/errata/RHSA-2026:2229
reference_id RHSA-2026:2229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2229
22
reference_url https://access.redhat.com/errata/RHSA-2026:2389
reference_id RHSA-2026:2389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2389
23
reference_url https://access.redhat.com/errata/RHSA-2026:2399
reference_id RHSA-2026:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2399
24
reference_url https://access.redhat.com/errata/RHSA-2026:2400
reference_id RHSA-2026:2400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2400
25
reference_url https://access.redhat.com/errata/RHSA-2026:2401
reference_id RHSA-2026:2401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2401
26
reference_url https://access.redhat.com/errata/RHSA-2026:2455
reference_id RHSA-2026:2455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2455
27
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
28
reference_url https://access.redhat.com/errata/RHSA-2026:2800
reference_id RHSA-2026:2800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2800
29
reference_url https://access.redhat.com/errata/RHSA-2026:2844
reference_id RHSA-2026:2844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2844
30
reference_url https://access.redhat.com/errata/RHSA-2026:2974
reference_id RHSA-2026:2974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2974
31
reference_url https://access.redhat.com/errata/RHSA-2026:2976
reference_id RHSA-2026:2976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2976
32
reference_url https://access.redhat.com/errata/RHSA-2026:3392
reference_id RHSA-2026:3392
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3392
33
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
34
reference_url https://access.redhat.com/errata/RHSA-2026:3415
reference_id RHSA-2026:3415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3415
35
reference_url https://access.redhat.com/errata/RHSA-2026:3417
reference_id RHSA-2026:3417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3417
36
reference_url https://access.redhat.com/errata/RHSA-2026:3861
reference_id RHSA-2026:3861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3861
37
reference_url https://access.redhat.com/errata/RHSA-2026:4419
reference_id RHSA-2026:4419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4419
38
reference_url https://access.redhat.com/errata/RHSA-2026:4465
reference_id RHSA-2026:4465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4465
fixed_packages
aliases CVE-2025-6176, GHSA-2qfp-q593-8484
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1m-rt7j-w3af
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/brotli@1.0.6-4%3Farch=el8_4