VulnerableCode Package Details - pkg:deb/debian/python-scrapy@0.8-3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/python-scrapy@0.8-3

Essentials
History (6)

purl	pkg:deb/debian/python-scrapy@0.8-3

Next non-vulnerable version	2.14.2-1
Latest non-vulnerable version	2.14.2-1
Risk	3.1

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-4vw6-u8m8-dbe2 Aliases: CVE-2021-41125 GHSA-jwqp-28gf-p498 PYSEC-2021-363	Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`.	2.4.1-2+deb11u1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x9ee-za9y-3fcb Aliases: CVE-2022-0577 GHSA-cjvr-mfj7-j4j8 PYSEC-2022-159	Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.	2.4.1-2+deb11u1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T23:03:23.095295+00:00	Debian Oval Importer	Affected by	VCID-x9ee-za9y-3fcb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:56:59.914233+00:00	Debian Oval Importer	Affected by	VCID-4vw6-u8m8-dbe2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T22:39:31.950475+00:00	Debian Oval Importer	Affected by	VCID-x9ee-za9y-3fcb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:42:53.092029+00:00	Debian Oval Importer	Affected by	VCID-4vw6-u8m8-dbe2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T22:14:42.822493+00:00	Debian Oval Importer	Affected by	VCID-x9ee-za9y-3fcb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:30:14.848329+00:00	Debian Oval Importer	Affected by	VCID-4vw6-u8m8-dbe2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0