Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/brotli@1.0.4
Typepypi
Namespace
Namebrotli
Version1.0.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.0
Latest_non_vulnerable_version1.2.0
Affected_by_vulnerabilities
0
url VCID-69ua-s6h2-3uhc
vulnerability_id VCID-69ua-s6h2-3uhc
summary A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36846
reference_id
reference_type
scores
0
value 0.0054
scoring_system epss
scoring_elements 0.67617
published_at 2026-04-13T12:55:00Z
1
value 0.0054
scoring_system epss
scoring_elements 0.6754
published_at 2026-04-01T12:55:00Z
2
value 0.0054
scoring_system epss
scoring_elements 0.67576
published_at 2026-04-07T12:55:00Z
3
value 0.0054
scoring_system epss
scoring_elements 0.67627
published_at 2026-04-08T12:55:00Z
4
value 0.0054
scoring_system epss
scoring_elements 0.67598
published_at 2026-04-04T12:55:00Z
5
value 0.0054
scoring_system epss
scoring_elements 0.6764
published_at 2026-04-09T12:55:00Z
6
value 0.0054
scoring_system epss
scoring_elements 0.67663
published_at 2026-04-11T12:55:00Z
7
value 0.0054
scoring_system epss
scoring_elements 0.67649
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36846
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8927
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54138
published_at 2026-04-08T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54146
published_at 2026-04-13T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54167
published_at 2026-04-12T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54185
published_at 2026-04-11T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54135
published_at 2026-04-09T12:55:00Z
5
value 0.0031
scoring_system epss
scoring_elements 0.54086
published_at 2026-04-07T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54112
published_at 2026-04-04T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.54083
published_at 2026-04-02T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.54065
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8927
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/bitemyapp/brotli2-rs
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bitemyapp/brotli2-rs
7
reference_url https://github.com/bitemyapp/brotli2-rs/issues/45
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bitemyapp/brotli2-rs/issues/45
8
reference_url https://github.com/github/advisory-database/issues/785
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/issues/785
9
reference_url https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/
url https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
10
reference_url https://github.com/google/brotli/releases/tag/v1.0.8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/releases/tag/v1.0.8
11
reference_url https://github.com/google/brotli/releases/tag/v1.0.9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/releases/tag/v1.0.9
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml
13
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8927
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/
url https://nvd.nist.gov/vuln/detail/CVE-2020-8927
30
reference_url https://rustsec.org/advisories/RUSTSEC-2021-0131.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2021-0131.html
31
reference_url https://rustsec.org/advisories/RUSTSEC-2021-0132.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2021-0132.html
32
reference_url https://usn.ubuntu.com/4568-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4568-1
33
reference_url https://usn.ubuntu.com/4568-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4568-1/
34
reference_url https://www.debian.org/security/2020/dsa-4801
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4801
35
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1879225
reference_id 1879225
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1879225
36
reference_url https://github.com/google/brotli/pull/826
reference_id 826
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/
url https://github.com/google/brotli/pull/826
37
reference_url https://security.archlinux.org/ASA-202009-12
reference_id ASA-202009-12
reference_type
scores
url https://security.archlinux.org/ASA-202009-12
38
reference_url https://security.archlinux.org/ASA-202009-13
reference_id ASA-202009-13
reference_type
scores
url https://security.archlinux.org/ASA-202009-13
39
reference_url https://security.archlinux.org/AVG-1230
reference_id AVG-1230
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1230
40
reference_url https://security.archlinux.org/AVG-1231
reference_id AVG-1231
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1231
41
reference_url https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52
reference_id Changes#L52
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/
url https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52
42
reference_url https://github.com/advisories/GHSA-5v8v-66v8-mwm7
reference_id GHSA-5v8v-66v8-mwm7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/
url https://github.com/advisories/GHSA-5v8v-66v8-mwm7
43
reference_url https://access.redhat.com/errata/RHSA-2021:1702
reference_id RHSA-2021:1702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1702
44
reference_url https://access.redhat.com/errata/RHSA-2022:0827
reference_id RHSA-2022:0827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0827
45
reference_url https://access.redhat.com/errata/RHSA-2022:0828
reference_id RHSA-2022:0828
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0828
46
reference_url https://access.redhat.com/errata/RHSA-2022:0829
reference_id RHSA-2022:0829
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0829
47
reference_url https://access.redhat.com/errata/RHSA-2022:0830
reference_id RHSA-2022:0830
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0830
fixed_packages
0
url pkg:pypi/brotli@1.0.8
purl pkg:pypi/brotli@1.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dc1m-rt7j-w3af
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/brotli@1.0.8
aliases BIT-brotli-2020-8927, BIT-dotnet-2020-8927, BIT-dotnet-sdk-2020-8927, BIT-powershell-2020-8927, CVE-2020-36846, CVE-2020-8927, GHSA-5v8v-66v8-mwm7, GO-2025-3726, PYSEC-2020-29, RUSTSEC-2021-0131, RUSTSEC-2021-0132
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69ua-s6h2-3uhc
1
url VCID-dc1m-rt7j-w3af
vulnerability_id VCID-dc1m-rt7j-w3af
summary 
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy versions up to 2.13.3 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression. Mitigation for this vulnerability needs security enhancement added in brotli v1.2.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6176
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08068
published_at 2026-04-08T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08092
published_at 2026-04-09T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08
published_at 2026-04-02T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.08047
published_at 2026-04-04T12:55:00Z
4
value 0.00028
scoring_system epss
scoring_elements 0.08008
published_at 2026-04-07T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09763
published_at 2026-04-12T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09747
published_at 2026-04-13T12:55:00Z
7
value 0.00033
scoring_system epss
scoring_elements 0.09795
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6176
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176
3
reference_url https://github.com/google/brotli
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli
4
reference_url https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627
5
reference_url https://github.com/google/brotli/issues/1327
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/issues/1327
6
reference_url https://github.com/google/brotli/issues/1375
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/issues/1375
7
reference_url https://github.com/google/brotli/pull/1234
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/pull/1234
8
reference_url https://github.com/google/brotli/releases/tag/v1.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/brotli/releases/tag/v1.2.0
9
reference_url https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da
10
reference_url https://github.com/scrapy/scrapy/pull/7134
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/pull/7134
11
reference_url https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/
url https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2408762
reference_id 2408762
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2408762
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6176
reference_id CVE-2025-6176
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6176
14
reference_url https://github.com/advisories/GHSA-2qfp-q593-8484
reference_id GHSA-2qfp-q593-8484
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qfp-q593-8484
15
reference_url https://access.redhat.com/errata/RHSA-2026:0008
reference_id RHSA-2026:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0008
16
reference_url https://access.redhat.com/errata/RHSA-2026:0845
reference_id RHSA-2026:0845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0845
17
reference_url https://access.redhat.com/errata/RHSA-2026:2042
reference_id RHSA-2026:2042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2042
18
reference_url https://access.redhat.com/errata/RHSA-2026:2226
reference_id RHSA-2026:2226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2226
19
reference_url https://access.redhat.com/errata/RHSA-2026:2227
reference_id RHSA-2026:2227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2227
20
reference_url https://access.redhat.com/errata/RHSA-2026:2228
reference_id RHSA-2026:2228
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2228
21
reference_url https://access.redhat.com/errata/RHSA-2026:2229
reference_id RHSA-2026:2229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2229
22
reference_url https://access.redhat.com/errata/RHSA-2026:2389
reference_id RHSA-2026:2389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2389
23
reference_url https://access.redhat.com/errata/RHSA-2026:2399
reference_id RHSA-2026:2399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2399
24
reference_url https://access.redhat.com/errata/RHSA-2026:2400
reference_id RHSA-2026:2400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2400
25
reference_url https://access.redhat.com/errata/RHSA-2026:2401
reference_id RHSA-2026:2401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2401
26
reference_url https://access.redhat.com/errata/RHSA-2026:2455
reference_id RHSA-2026:2455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2455
27
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
28
reference_url https://access.redhat.com/errata/RHSA-2026:2800
reference_id RHSA-2026:2800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2800
29
reference_url https://access.redhat.com/errata/RHSA-2026:2844
reference_id RHSA-2026:2844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2844
30
reference_url https://access.redhat.com/errata/RHSA-2026:2974
reference_id RHSA-2026:2974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2974
31
reference_url https://access.redhat.com/errata/RHSA-2026:2976
reference_id RHSA-2026:2976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2976
32
reference_url https://access.redhat.com/errata/RHSA-2026:3392
reference_id RHSA-2026:3392
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3392
33
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
34
reference_url https://access.redhat.com/errata/RHSA-2026:3415
reference_id RHSA-2026:3415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3415
35
reference_url https://access.redhat.com/errata/RHSA-2026:3417
reference_id RHSA-2026:3417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3417
36
reference_url https://access.redhat.com/errata/RHSA-2026:3861
reference_id RHSA-2026:3861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3861
37
reference_url https://access.redhat.com/errata/RHSA-2026:4419
reference_id RHSA-2026:4419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4419
38
reference_url https://access.redhat.com/errata/RHSA-2026:4465
reference_id RHSA-2026:4465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4465
fixed_packages
0
url pkg:pypi/brotli@1.2.0
purl pkg:pypi/brotli@1.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/brotli@1.2.0
aliases CVE-2025-6176, GHSA-2qfp-q593-8484
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1m-rt7j-w3af
Fixing_vulnerabilities
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/brotli@1.0.4