{"package":"brotli","ecosystem":"conda","latest_version":"1.2.0","description":"Brotli compression format","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"http://github.com/google/brotli","repository":"http://github.com/google/brotli","downloads_weekly":125444,"health":{"score":63,"risk":"moderate","breakdown":{"maintenance":15,"popularity":14,"security":20,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2025-6176","severity":"high","summary":"Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation","affected_versions":"<1.2.0|<2.13.4|=0.5.2|=0.6.0|=1.0.1|=1.0.4|=1.0.6|=1.0.7|=1.0.8|=1.0.9|=1.1.0|=0.10.4.2364|=0.12.0.2550|=0.14.1|=0.14.2|=0.14.3|=0.14.4|=0.16.0|=0.16.1|=0.16.2|=0.16.3|=0.16.4|=0.16.5|=0.18.0|=0.18.1|=0.18.2|=0.18.3|=0.18.4|=0.20.0|=0.20.1|=0.20.2|=0.22.0|=0.22.1|=0.22.2|=0.24.0|=0.24.1|=0.24.2|=0.24.3|=0.24.4|=0.24.5|=0.24.6|=0.7|=0.8|=0.9|=1.0.0|=1.0.0rc1|=1.0.0rc2|=1.0.0rc3|=1.0.1|=1.0.2|=1.0.3|=1.0.4|=1.0.5|=1.0.6|=1.0.7|=1.1.0|=1.1.0rc1|=1.1.0rc2|=1.1.0rc3|=1.1.0rc4|=1.1.1|=1.1.2|=1.1.3|=1.1.4|=1.2.0|=1.2.1|=1.2.2|=1.2.3|=1.3.0|=1.3.1|=1.3.2|=1.3.3|=1.4.0|=1.5.0|=1.5.1|=1.5.2|=1.6.0|=1.7.0|=1.7.1|=1.7.2|=1.7.3|=1.7.4|=1.8.0|=1.8.1|=1.8.2|=1.8.3|=1.8.4|=2.0.0|=2.0.1|=2.1.0|=2.10.0|=2.10.1|=2.11.0|=2.11.1|=2.11.2|=2.12.0|=2.13.0|=2.13.1|=2.13.2|=2.13.3|=2.2.0|=2.2.1|=2.3.0|=2.4.0|=2.4.1|=2.5.0|=2.5.1|=2.6.0|=2.6.1|=2.6.2|=2.6.3|=2.7.0|=2.7.1|=2.8.0|=2.9.0","fixed_version":"2.13.4","source":"osv","published_at":"2025-10-31T00:30:35Z","in_kev":false,"epss_prob":0.00033,"epss_percentile":0.09719,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.2.0","total_count":10,"recent":["0.6.pre","0.6.0","1.0.2","1.0.3","1.0.5","1.0.6","1.0.7","1.0.9","1.1.0","1.2.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-05-28 00:07:06.264000+00:00","last_published":"2025-11-24 21:18:39.842000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"1.2.0","version_hint":"Update to >= 2.13.4 to fix known vulnerabilities","summary":"brotli@1.2.0 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1019,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":9,"active_contributors_12m":14,"primary_author_ratio":0.37,"owner_account_age_days":5213,"is_archived":false,"stars":14673,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":8.1,"tier":"strong"},"quality":{"available":false},"version_history_summary":{"total_versions":10,"first_release_age_days":2164,"last_release_days_ago":157,"avg_days_between_releases":240,"release_velocity":"moderate"}}