VYPR

Brotli

by Google

pypi: brotli

Source repositories

CVEs (3)

  • CVE-2020-36846 | Critical | May 30, 2025
    risk 0.57 | cvss 9.8 | epss 0.01

    A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot"…

  • CVE-2025-64508 | High | Nov 10, 2025
    risk 0.42 | cvss 7.5 | epss 0.00

    Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to…

  • CVE-2025-6176 | High | Oct 31, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less…