Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/scrapy@0.16.1

Type pypi

Namespace

Name scrapy

Version 0.16.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.14.2

Latest_non_vulnerable_version 2.14.2

Affected_by_vulnerabilities

url VCID-1cdj-272n-qfgu

vulnerability_id VCID-1cdj-272n-qfgu

summary Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects

references

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-1968

reference_id

CVE-2024-1968

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-1968

reference_url

https://github.com/advisories/GHSA-cg34-w3fm-82h3

reference_id

GHSA-cg34-w3fm-82h3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cg34-w3fm-82h3

fixed_packages

url pkg:pypi/scrapy@2.11.2

purl pkg:pypi/scrapy@2.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2

aliases GHSA-cg34-w3fm-82h3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cdj-272n-qfgu

url VCID-2562-r6m9-jbfw

vulnerability_id VCID-2562-r6m9-jbfw

summary information disclosure

references

reference_url

http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41125

reference_id

reference_type

scores

value	0.00251
scoring_system	epss
scoring_elements	0.48767
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41125

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2021-363.yaml

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2021-363.yaml

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498

reference_url

https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41125

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41125

reference_url

https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header

reference_url

https://security.archlinux.org/AVG-2447

reference_id

AVG-2447

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2447

reference_url

https://github.com/advisories/GHSA-jwqp-28gf-p498

reference_id

GHSA-jwqp-28gf-p498

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jwqp-28gf-p498

reference_url	https://usn.ubuntu.com/7476-1/
reference_id	USN-7476-1
reference_type
scores
url	https://usn.ubuntu.com/7476-1/

fixed_packages

url pkg:pypi/scrapy@1.8.1

purl pkg:pypi/scrapy@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-ez8c-3cp8-dkd9

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-q9yh-76fr-ebb1

vulnerability	VCID-sbyb-vfh4-23fn

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-v4cu-4n5q-wfhj

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.1

url pkg:pypi/scrapy@2.5.1

purl pkg:pypi/scrapy@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-ez8c-3cp8-dkd9

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-q9yh-76fr-ebb1

vulnerability	VCID-sbyb-vfh4-23fn

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-v4cu-4n5q-wfhj

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.5.1

aliases CVE-2021-41125, GHSA-jwqp-28gf-p498, PYSEC-2021-363

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2562-r6m9-jbfw

url VCID-9dkx-sw7r-jkhz

vulnerability_id VCID-9dkx-sw7r-jkhz

summary Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6176

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10559
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176

reference_url

https://github.com/google/brotli

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/brotli

reference_url

https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da

reference_url

https://github.com/scrapy/scrapy/pull/7134

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/pull/7134

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2408762
reference_id	2408762
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2408762

reference_url

https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0

reference_id

2c26a886-5984-47ee-a421-0d5fe1344eb0

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/

url

https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-6176

reference_id

CVE-2025-6176

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-6176

reference_url

https://github.com/advisories/GHSA-2qfp-q593-8484

reference_id

GHSA-2qfp-q593-8484

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2qfp-q593-8484

reference_url	https://access.redhat.com/errata/RHSA-2026:0008
reference_id	RHSA-2026:0008
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0008

reference_url	https://access.redhat.com/errata/RHSA-2026:0845
reference_id	RHSA-2026:0845
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0845

reference_url	https://access.redhat.com/errata/RHSA-2026:2042
reference_id	RHSA-2026:2042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2042

reference_url	https://access.redhat.com/errata/RHSA-2026:2226
reference_id	RHSA-2026:2226
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2226

reference_url	https://access.redhat.com/errata/RHSA-2026:2227
reference_id	RHSA-2026:2227
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2227

reference_url	https://access.redhat.com/errata/RHSA-2026:2228
reference_id	RHSA-2026:2228
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2228

reference_url	https://access.redhat.com/errata/RHSA-2026:2229
reference_id	RHSA-2026:2229
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2229

reference_url	https://access.redhat.com/errata/RHSA-2026:2389
reference_id	RHSA-2026:2389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2389

reference_url	https://access.redhat.com/errata/RHSA-2026:2399
reference_id	RHSA-2026:2399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2399

reference_url	https://access.redhat.com/errata/RHSA-2026:2400
reference_id	RHSA-2026:2400
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2400

reference_url	https://access.redhat.com/errata/RHSA-2026:2401
reference_id	RHSA-2026:2401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2401

reference_url	https://access.redhat.com/errata/RHSA-2026:2455
reference_id	RHSA-2026:2455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2455

reference_url	https://access.redhat.com/errata/RHSA-2026:2737
reference_id	RHSA-2026:2737
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2737

reference_url	https://access.redhat.com/errata/RHSA-2026:2800
reference_id	RHSA-2026:2800
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2800

reference_url	https://access.redhat.com/errata/RHSA-2026:2844
reference_id	RHSA-2026:2844
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2844

reference_url	https://access.redhat.com/errata/RHSA-2026:2974
reference_id	RHSA-2026:2974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2974

reference_url	https://access.redhat.com/errata/RHSA-2026:2976
reference_id	RHSA-2026:2976
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2976

reference_url	https://access.redhat.com/errata/RHSA-2026:3392
reference_id	RHSA-2026:3392
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3392

reference_url	https://access.redhat.com/errata/RHSA-2026:3406
reference_id	RHSA-2026:3406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3406

reference_url	https://access.redhat.com/errata/RHSA-2026:3415
reference_id	RHSA-2026:3415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3415

reference_url	https://access.redhat.com/errata/RHSA-2026:3417
reference_id	RHSA-2026:3417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3417

reference_url	https://access.redhat.com/errata/RHSA-2026:3861
reference_id	RHSA-2026:3861
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3861

reference_url	https://access.redhat.com/errata/RHSA-2026:4419
reference_id	RHSA-2026:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4419

reference_url	https://access.redhat.com/errata/RHSA-2026:4465
reference_id	RHSA-2026:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4465

reference_url	https://access.redhat.com/errata/RHSA-2026:5970
reference_id	RHSA-2026:5970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5970

reference_url	https://access.redhat.com/errata/RHSA-2026:5971
reference_id	RHSA-2026:5971
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5971

fixed_packages

url pkg:pypi/scrapy@2.13.4

purl pkg:pypi/scrapy@2.13.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.4

aliases CVE-2025-6176, GHSA-2qfp-q593-8484

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dkx-sw7r-jkhz

url VCID-a9vb-7v47-ybdc

vulnerability_id VCID-a9vb-7v47-ybdc

summary Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0577

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43449
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a

reference_url

https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585

reference_url

https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234
reference_id	1008234
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-0577

reference_id

CVE-2022-0577

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-0577

reference_url

https://github.com/advisories/GHSA-cjvr-mfj7-j4j8

reference_id

GHSA-cjvr-mfj7-j4j8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cjvr-mfj7-j4j8

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8

reference_id

GHSA-cjvr-mfj7-j4j8

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8

reference_url	https://usn.ubuntu.com/7476-1/
reference_id	USN-7476-1
reference_type
scores
url	https://usn.ubuntu.com/7476-1/

fixed_packages

url pkg:pypi/scrapy@1.8.2

purl pkg:pypi/scrapy@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-q9yh-76fr-ebb1

vulnerability	VCID-sbyb-vfh4-23fn

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-v4cu-4n5q-wfhj

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2

url pkg:pypi/scrapy@2.6.1

purl pkg:pypi/scrapy@2.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-q9yh-76fr-ebb1

vulnerability	VCID-sbyb-vfh4-23fn

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-v4cu-4n5q-wfhj

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.1

aliases CVE-2022-0577, GHSA-cjvr-mfj7-j4j8, PYSEC-2022-159

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9vb-7v47-ybdc

url VCID-atbn-f4xt-7fdr

vulnerability_id VCID-atbn-f4xt-7fdr

summary Scrapy allows redirect following in protocols other than HTTP

references

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6

reference_url

https://github.com/scrapy/scrapy/issues/457

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/issues/457

reference_url

https://github.com/advisories/GHSA-23j4-mw76-5v7h

reference_id

GHSA-23j4-mw76-5v7h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-23j4-mw76-5v7h

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h

reference_id

GHSA-23j4-mw76-5v7h

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h

fixed_packages

url pkg:pypi/scrapy@2.11.2

purl pkg:pypi/scrapy@2.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2

aliases GHSA-23j4-mw76-5v7h

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atbn-f4xt-7fdr

url VCID-ez8c-3cp8-dkd9

vulnerability_id VCID-ez8c-3cp8-dkd9

summary Scrapy cookie-setting is not restricted based on the public suffix list

references

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/commit/e865c4430e58a4faa0e0766b23830f8423d6167a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/commit/e865c4430e58a4faa0e0766b23830f8423d6167a

reference_url

https://github.com/advisories/GHSA-mfjm-vh54-3f96

reference_id

GHSA-mfjm-vh54-3f96

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mfjm-vh54-3f96

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-mfjm-vh54-3f96

reference_id

GHSA-mfjm-vh54-3f96

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-mfjm-vh54-3f96

fixed_packages

url pkg:pypi/scrapy@1.8.2

purl pkg:pypi/scrapy@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-q9yh-76fr-ebb1

vulnerability	VCID-sbyb-vfh4-23fn

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-v4cu-4n5q-wfhj

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2

url pkg:pypi/scrapy@2.6.0

purl pkg:pypi/scrapy@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-q9yh-76fr-ebb1

vulnerability	VCID-sbyb-vfh4-23fn

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-v4cu-4n5q-wfhj

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.0

aliases GHSA-mfjm-vh54-3f96, GMS-2022-230

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ez8c-3cp8-dkd9

url VCID-nkga-85ed-73d1

vulnerability_id VCID-nkga-85ed-73d1

summary A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1892

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18474
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1892

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892

reference_url

https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14

reference_url

https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111
reference_id	1065111
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111

reference_url

https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b

reference_id

271f94f2-1e05-4616-ac43-41752389e26b

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/

url

https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b

reference_url

https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5

reference_id

479619b340f197a8f24c5db45bc068fb8755f2c5

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/

url

https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-1892
reference_id	CVE-2024-1892
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-1892

reference_url

https://github.com/advisories/GHSA-cc65-xxvf-f7r9

reference_id

GHSA-cc65-xxvf-f7r9

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cc65-xxvf-f7r9

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9

reference_id

GHSA-cc65-xxvf-f7r9

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9

reference_url	https://usn.ubuntu.com/7476-1/
reference_id	USN-7476-1
reference_type
scores
url	https://usn.ubuntu.com/7476-1/

fixed_packages

url pkg:pypi/scrapy@1.8.4

purl pkg:pypi/scrapy@1.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4

url pkg:pypi/scrapy@2.11.1

purl pkg:pypi/scrapy@2.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1

aliases CVE-2024-1892, GHSA-cc65-xxvf-f7r9, GMS-2024-287, PYSEC-2024-162

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nkga-85ed-73d1

url VCID-q9yh-76fr-ebb1

vulnerability_id VCID-q9yh-76fr-ebb1

summary Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.

references

reference_url

http://blog.csdn.net/wangtua/article/details/75228728

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.csdn.net/wangtua/article/details/75228728

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14158

reference_id

reference_type

scores

value	0.01495
scoring_system	epss
scoring_elements	0.81485
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14158

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14158

reference_url	https://github.com/advisories/GHSA-h7wm-ph43-c39p
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-h7wm-ph43-c39p

reference_url

https://github.com/pypa/advisory-database/blob/8b7a4d62a95e8f605e5dfb4e0b4f299e6403dc12/vulns/scrapy/PYSEC-2017-83.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/blob/8b7a4d62a95e8f605e5dfb4e0b4f299e6403dc12/vulns/scrapy/PYSEC-2017-83.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2017-83.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2017-83.yaml

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/issues/482

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/issues/482

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-14158

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-14158

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875947
reference_id	875947
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875947

fixed_packages

aliases CVE-2017-14158, GHSA-h7wm-ph43-c39p, PYSEC-2017-83

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9yh-76fr-ebb1

url VCID-sbyb-vfh4-23fn

vulnerability_id VCID-sbyb-vfh4-23fn

summary The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-3572

reference_id

reference_type

scores

value	0.00161
scoring_system	epss
scoring_elements	0.36781
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3572

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572

reference_url

https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5

reference_url

https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f

reference_id

809bfac4890f75fc73607318a04d2ccba71b3d9f

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/

url

https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f

reference_url

https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb

reference_id

c4a0fac9-0c5a-4718-9ee4-2d06d58adabb

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/

url

https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-3572

reference_id

CVE-2024-3572

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-3572

reference_url

https://github.com/advisories/GHSA-7j7m-v7m3-jqm7

reference_id

GHSA-7j7m-v7m3-jqm7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7j7m-v7m3-jqm7

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7

reference_id

GHSA-7j7m-v7m3-jqm7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7

reference_url	https://usn.ubuntu.com/7476-1/
reference_id	USN-7476-1
reference_type
scores
url	https://usn.ubuntu.com/7476-1/

fixed_packages

url pkg:pypi/scrapy@1.8.4

purl pkg:pypi/scrapy@1.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4

url pkg:pypi/scrapy@2.11.1

purl pkg:pypi/scrapy@2.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1

aliases CVE-2024-3572, GHSA-7j7m-v7m3-jqm7, GMS-2024-327

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyb-vfh4-23fn

url VCID-u15g-aqdp-nkgm

vulnerability_id VCID-u15g-aqdp-nkgm

summary Scrapy's redirects ignoring scheme-specific proxy settings

references

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/issues/767

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/issues/767

reference_url

https://github.com/advisories/GHSA-jm3v-qxmh-hxwv

reference_id

GHSA-jm3v-qxmh-hxwv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jm3v-qxmh-hxwv

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv

reference_id

GHSA-jm3v-qxmh-hxwv

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv

fixed_packages

url pkg:pypi/scrapy@2.11.2

purl pkg:pypi/scrapy@2.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2

aliases GHSA-jm3v-qxmh-hxwv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u15g-aqdp-nkgm

url VCID-v4cu-4n5q-wfhj

vulnerability_id VCID-v4cu-4n5q-wfhj

summary In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-3574

reference_id

reference_type

scores

value	0.00121
scoring_system	epss
scoring_elements	0.30746
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3574

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae

reference_url

https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9

reference_id

49974321-2718-43e3-a152-62b16eed72a9

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/

url

https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9

reference_url

https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75

reference_id

5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/

url

https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-3574

reference_id

CVE-2024-3574

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-3574

reference_url

https://github.com/advisories/GHSA-cw9j-q3vf-hrrv

reference_id

GHSA-cw9j-q3vf-hrrv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cw9j-q3vf-hrrv

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv

reference_id

GHSA-cw9j-q3vf-hrrv

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv

reference_url	https://usn.ubuntu.com/7476-1/
reference_id	USN-7476-1
reference_type
scores
url	https://usn.ubuntu.com/7476-1/

fixed_packages

url pkg:pypi/scrapy@1.8.4

purl pkg:pypi/scrapy@1.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4

url pkg:pypi/scrapy@2.11.1

purl pkg:pypi/scrapy@2.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1

aliases CVE-2024-3574, GHSA-cw9j-q3vf-hrrv, GMS-2024-288

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4cu-4n5q-wfhj

url VCID-xjb6-86c9-3bh4

vulnerability_id VCID-xjb6-86c9-3bh4

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1968

reference_id

reference_type

scores

value	0.0019
scoring_system	epss
scoring_elements	0.40765
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/scrapy/scrapy

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy

reference_url

https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8

reference_id

1d0502f25bbe55a22899af915623fda1aaeb9dd8

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-18T20:26:27Z/

url

https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8

reference_url

https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a

reference_id

27f6a021-a891-446a-ada5-0226d619dd1a

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-18T20:26:27Z/

url

https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-1968
reference_id	CVE-2024-1968
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-1968

reference_url

https://github.com/advisories/GHSA-4qqq-9vqf-3h3f

reference_id

GHSA-4qqq-9vqf-3h3f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4qqq-9vqf-3h3f

reference_url

https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f

reference_id

GHSA-4qqq-9vqf-3h3f

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f

reference_url	https://usn.ubuntu.com/7476-1/
reference_id	USN-7476-1
reference_type
scores
url	https://usn.ubuntu.com/7476-1/

fixed_packages

url pkg:pypi/scrapy@2.0.0

purl pkg:pypi/scrapy@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cdj-272n-qfgu

vulnerability	VCID-2562-r6m9-jbfw

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-a9vb-7v47-ybdc

vulnerability	VCID-atbn-f4xt-7fdr

vulnerability	VCID-ez8c-3cp8-dkd9

vulnerability	VCID-nkga-85ed-73d1

vulnerability	VCID-q9yh-76fr-ebb1

vulnerability	VCID-sbyb-vfh4-23fn

vulnerability	VCID-sp4d-d9r7-ekav

vulnerability	VCID-u15g-aqdp-nkgm

vulnerability	VCID-v4cu-4n5q-wfhj

vulnerability	VCID-xjb6-86c9-3bh4

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.0.0

url pkg:pypi/scrapy@2.11.2

purl pkg:pypi/scrapy@2.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9dkx-sw7r-jkhz

vulnerability	VCID-zww5-7cb3-fkfx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2

aliases CVE-2024-1968, GHSA-4qqq-9vqf-3h3f, PYSEC-2024-258

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xjb6-86c9-3bh4

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@0.16.1

Package Instance