VYPR

PyPI package

brotli

pkg:pypi/brotli

Vulnerabilities (2)

  • CVE-2025-6176HigOct 31, 2025
    affected < 1.2.0fixed 1.2.0

    Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less

  • CVE-2020-8927Sep 15, 2020
    affected < 1.0.8fixed 1.0.8

    A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to upda