Huawei EulerOS: Security Advisory for brotli (EulerOS-SA-2026-1476)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +51 more potentially affected by unknown CVE via scrapy (>=1.4.0 <=2.14.1)

scrapy PYPI version =1.4.0, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-SCRAPY-15624315...

EulerOS 2.0 SP13 : brotli (EulerOS-SA-2026-1206)

According to the versions of the brotli package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The...

OESA-2025-2668 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

DEBIAN-CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

ayugespidertools (>=3.4.0 <=3.9.5), baotool (=1.0.1) +7 more potentially affected by CVE-2024-3572 via scrapy (>=2.0.1 <=2.11.0)

scrapy PYPI version =2.0.1, =3.4.0, =2.8.3, =0.3.0a0, =0.1.2, =0.2.3, =0.2.1, =0.4.0, =0.8.1 Source cves: CVE-2024-3572 Source advisory: OSV:GHSA-7J7M-V7M3-JQM7...

2adif (=0.1.0), addgene-mcp (>=0.1.0 <=0.1.3) +564 more potentially affected by CVE-2022-0577 via scrapy (>=1.3.3 <=2.6.0)

scrapy PYPI version =1.3.3, =0.1.0, =0.10.0, =0.0.1, =0.4.0, =0.1.4, =1.0.0, =0.0.1, =1.0.0, =0.0.24, =2.9.3, =0.2.3, =0.3.7 and more Source cves: CVE-2022-0577 Source advisory: OSV:PYSEC-2022-159...

PT-2021-23108 · Scrapy +2 · Scrapy +2

Name of the Vulnerable Software and Affected Versions: Scrapy versions prior to 2.5.1 Scrapy versions 1.8 and earlier Description: The issue affects Scrapy when using HttpAuthMiddleware for HTTP authentication, causing all requests to expose credentials to the request target. This includes reques...