Package impact

python PyPI / scrapy

CVE Severity CVSS Risk Published Description Impact
CVE-2025-6176 high 8.0 7mo ago Important: brotli security update rockylinux redhat debian python
CVE-2017-14158 high 7.5 7.5 9y ago Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files … debian python
CVE-2021-41125 medium 5.5 5y ago Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests w… arch debian python
CVE-2024-1968 unknown 2y ago In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This beha… suse debian python
CVE-2024-3572 unknown 2y ago The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allow… debian python
CVE-2024-3574 unknown 2y ago Scrapy authorization header leakage on cross-domain redirect debian python
CVE-2024-1892 unknown 2y ago A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML cont… debian python
CVE-2022-0577 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. debian python