{"url":"http://public2.vulnerablecode.io/api/packages/24000?format=json","purl":"pkg:pypi/scrapy@1.1.2","type":"pypi","namespace":"","name":"scrapy","version":"1.1.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.11.2","latest_non_vulnerable_version":"2.14.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6970?format=json","vulnerability_id":"VCID-4q2x-51p4-eygm","summary":"information disclosure","references":[{"reference_url":"http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41125","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48671","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41125"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2021-363.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2021-363.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html"},{"reference_url":"https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header"},{"reference_url":"https://security.archlinux.org/AVG-2447","reference_id":"AVG-2447","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2447"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41125","reference_id":"CVE-2021-41125","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41125"},{"reference_url":"https://github.com/advisories/GHSA-jwqp-28gf-p498","reference_id":"GHSA-jwqp-28gf-p498","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jwqp-28gf-p498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24031?format=json","purl":"pkg:pypi/scrapy@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atnw-pnvj-zkhp"},{"vulnerability":"VCID-jrh5-kjau-xkar"},{"vulnerability":"VCID-meje-5upu-mqen"},{"vulnerability":"VCID-n6z2-awrh-7kbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/24032?format=json","purl":"pkg:pypi/scrapy@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atnw-pnvj-zkhp"},{"vulnerability":"VCID-jrh5-kjau-xkar"},{"vulnerability":"VCID-meje-5upu-mqen"},{"vulnerability":"VCID-n6z2-awrh-7kbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.5.1"}],"aliases":["CVE-2021-41125","GHSA-jwqp-28gf-p498","PYSEC-2021-363"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q2x-51p4-eygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36743?format=json","vulnerability_id":"VCID-atnw-pnvj-zkhp","summary":"A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.","references":[{"reference_url":"https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5"},{"reference_url":"https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111","reference_id":"1065111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40529?format=json","purl":"pkg:pypi/scrapy@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n6z2-awrh-7kbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1"}],"aliases":["CVE-2024-1892","PYSEC-2024-162"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atnw-pnvj-zkhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36044?format=json","vulnerability_id":"VCID-jrh5-kjau-xkar","summary":"Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0577","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43351","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0577"},{"reference_url":"https://github.com/advisories/GHSA-cjvr-mfj7-j4j8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cjvr-mfj7-j4j8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a"},{"reference_url":"https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234","reference_id":"1008234","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0577","reference_id":"CVE-2022-0577","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0577"},{"reference_url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8","reference_id":"GHSA-cjvr-mfj7-j4j8","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26825?format=json","purl":"pkg:pypi/scrapy@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atnw-pnvj-zkhp"},{"vulnerability":"VCID-jrh5-kjau-xkar"},{"vulnerability":"VCID-meje-5upu-mqen"},{"vulnerability":"VCID-n6z2-awrh-7kbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/26827?format=json","purl":"pkg:pypi/scrapy@2.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-atnw-pnvj-zkhp"},{"vulnerability":"VCID-meje-5upu-mqen"},{"vulnerability":"VCID-n6z2-awrh-7kbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.1"}],"aliases":["CVE-2022-0577","GHSA-cjvr-mfj7-j4j8","PYSEC-2022-159"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrh5-kjau-xkar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35102?format=json","vulnerability_id":"VCID-meje-5upu-mqen","summary":"Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.","references":[{"reference_url":"http://blog.csdn.net/wangtua/article/details/75228728","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.csdn.net/wangtua/article/details/75228728"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14158","reference_id":"","reference_type":"","scores":[{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66546","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14158"},{"reference_url":"https://github.com/advisories/GHSA-h7wm-ph43-c39p","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h7wm-ph43-c39p"},{"reference_url":"https://github.com/pypa/advisory-database/blob/8b7a4d62a95e8f605e5dfb4e0b4f299e6403dc12/vulns/scrapy/PYSEC-2017-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/blob/8b7a4d62a95e8f605e5dfb4e0b4f299e6403dc12/vulns/scrapy/PYSEC-2017-83.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2017-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2017-83.yaml"},{"reference_url":"https://github.com/scrapy/scrapy","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy"},{"reference_url":"https://github.com/scrapy/scrapy/issues/482","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/issues/482"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14158","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14158"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875947","reference_id":"875947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875947"}],"fixed_packages":[],"aliases":["CVE-2017-14158","GHSA-h7wm-ph43-c39p","PYSEC-2017-83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-meje-5upu-mqen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36795?format=json","vulnerability_id":"VCID-n6z2-awrh-7kbg","summary":"In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware.","references":[{"reference_url":"https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8"},{"reference_url":"https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24022?format=json","purl":"pkg:pypi/scrapy@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4q2x-51p4-eygm"},{"vulnerability":"VCID-4yce-5hbd-4kbx"},{"vulnerability":"VCID-atnw-pnvj-zkhp"},{"vulnerability":"VCID-eps3-2rkz-r3gf"},{"vulnerability":"VCID-jrh5-kjau-xkar"},{"vulnerability":"VCID-meje-5upu-mqen"},{"vulnerability":"VCID-n6z2-awrh-7kbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41041?format=json","purl":"pkg:pypi/scrapy@2.11.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2"}],"aliases":["CVE-2024-1968","PYSEC-2024-258"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6z2-awrh-7kbg"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.1.2"}