pkg:PyPI/scrapy

All known vulnerabilities

• HIGH7.5CVE-2025-6176Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
  from 0, < 2.13.4
• HIGH7.5CVE-2024-3572Scrapy decompression bomb vulnerability
  >= 2.0.0, < 2.11.1
• HIGH7.5CVE-2024-3574Scrapy authorization header leakage on cross-domain redirect
  >= 2, < 2.11.1
• HIGH7.5Scrapy vulnerable to ReDoS via XMLFeedSpider
  from 0, < 479619b340f197a8f24c5db45bc068fb8755f2c5, < 479619b340f197a8f24c5db45bc068fb8755f2c5 | from 0, < 2.11.1
• HIGH7.5Scrapy vulnerable to ReDoS via XMLFeedSpider
  >= 2, < 2.11.1
• HIGH7.5Scrapy denial of service vulnerability
  >= 0.7, <= 2.15.2
• HIGH7.5Scrapy denial of service vulnerability
  >= 0.7
• MEDIUM6.5Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
  from 0, < 8ce01b3b76d4634f55067d6cfdf632ec70ba304a | from 0, < 2.6.1
• MEDIUM6.5Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
  from 0, < 1.8.2
• MEDIUM5.9Scrapy leaks the authorization header on same-domain but cross-origin redirects
  from 0, < 1d0502f25bbe55a22899af915623fda1aaeb9dd8 | from 0, < 2.0.0, >= 2.0.0, < 2.11.2
• MEDIUM5.9Scrapy leaks the authorization header on same-domain but cross-origin redirects
  from 0, < 2.11.2
• MEDIUM5.7python-scrapy - security update
  from 0, < 1.8.1
• MEDIUM5.7python-scrapy - security update
  from 0, < b01d69a1bf48060daec8f751368622352d8b85a6 | from 0, < 1.8.1, >= 2.0.0, < 2.5.1