Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/66615?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/66615?format=api", "purl": "pkg:pypi/scrapy@1.1.4", "type": "pypi", "namespace": "", "name": "scrapy", "version": "1.1.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.14.2", "latest_non_vulnerable_version": "2.14.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211895?format=api", "vulnerability_id": "VCID-1cdj-272n-qfgu", "summary": "Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1968", "reference_id": "CVE-2024-1968", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1968" }, { "reference_url": "https://github.com/advisories/GHSA-cg34-w3fm-82h3", "reference_id": "GHSA-cg34-w3fm-82h3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg34-w3fm-82h3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31063?format=api", "purl": "pkg:pypi/scrapy@2.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2" } ], "aliases": [ "GHSA-cg34-w3fm-82h3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1cdj-272n-qfgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197544?format=api", "vulnerability_id": "VCID-2562-r6m9-jbfw", "summary": 
"information disclosure", "references": [ { "reference_url": "http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48767", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41125" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41125", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41125" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2021-363.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2021-363.yaml" }, { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6" }, { "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41125", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41125" }, { "reference_url": "https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header" }, { "reference_url": "https://security.archlinux.org/AVG-2447", "reference_id": "AVG-2447", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2447" }, { "reference_url": "https://github.com/advisories/GHSA-jwqp-28gf-p498", "reference_id": "GHSA-jwqp-28gf-p498", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwqp-28gf-p498" }, { "reference_url": "https://usn.ubuntu.com/7476-1/", "reference_id": "USN-7476-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7476-1/" } ], "fixed_packages": [ 
{ "url": "http://public2.vulnerablecode.io/api/packages/66643?format=api", "purl": "pkg:pypi/scrapy@1.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-ez8c-3cp8-dkd9" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-q9yh-76fr-ebb1" }, { "vulnerability": "VCID-sbyb-vfh4-23fn" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-v4cu-4n5q-wfhj" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66644?format=api", "purl": "pkg:pypi/scrapy@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-ez8c-3cp8-dkd9" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-q9yh-76fr-ebb1" }, { "vulnerability": "VCID-sbyb-vfh4-23fn" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-v4cu-4n5q-wfhj" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.5.1" } ], "aliases": [ "CVE-2021-41125", "GHSA-jwqp-28gf-p498", "PYSEC-2021-363" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2562-r6m9-jbfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111274?format=api", "vulnerability_id": "VCID-9dkx-sw7r-jkhz", "summary": "Scrapy versions up to 2.13.2 are vulnerable to a denial of 
service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10559", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176" }, { "reference_url": "https://github.com/google/brotli", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da" }, { "reference_url": "https://github.com/scrapy/scrapy/pull/7134", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/pull/7134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762", "reference_id": "2408762", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762" }, { "reference_url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0", "reference_id": "2c26a886-5984-47ee-a421-0d5fe1344eb0", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/" } ], "url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176", "reference_id": "CVE-2025-6176", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176" }, { "reference_url": "https://github.com/advisories/GHSA-2qfp-q593-8484", "reference_id": "GHSA-2qfp-q593-8484", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qfp-q593-8484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0008", "reference_id": "RHSA-2026:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0845", "reference_id": "RHSA-2026:0845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2042", "reference_id": "RHSA-2026:2042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2226", "reference_id": "RHSA-2026:2226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2227", "reference_id": "RHSA-2026:2227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2228", "reference_id": "RHSA-2026:2228", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2229", "reference_id": "RHSA-2026:2229", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2389", "reference_id": "RHSA-2026:2389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2399", "reference_id": "RHSA-2026:2399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2400", "reference_id": "RHSA-2026:2400", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2401", "reference_id": "RHSA-2026:2401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2455", "reference_id": "RHSA-2026:2455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2800", "reference_id": "RHSA-2026:2800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2844", "reference_id": "RHSA-2026:2844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2974", "reference_id": "RHSA-2026:2974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2976", "reference_id": "RHSA-2026:2976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3392", "reference_id": "RHSA-2026:3392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3406", "reference_id": "RHSA-2026:3406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3415", "reference_id": "RHSA-2026:3415", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3417", "reference_id": "RHSA-2026:3417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3861", "reference_id": "RHSA-2026:3861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4419", "reference_id": "RHSA-2026:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4465", "reference_id": "RHSA-2026:4465", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5970", "reference_id": "RHSA-2026:5970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5971", "reference_id": "RHSA-2026:5971", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5971" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34940?format=api", "purl": "pkg:pypi/scrapy@2.13.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.13.4" } ], "aliases": [ "CVE-2025-6176", "GHSA-2qfp-q593-8484" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dkx-sw7r-jkhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208316?format=api", "vulnerability_id": "VCID-a9vb-7v47-ybdc", "summary": "Incorrect Authorization and 
Exposure of Sensitive Information to an Unauthorized Actor in scrapy", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43449", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2022-159.yaml" }, { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a" }, { "reference_url": "https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234", "reference_id": "1008234", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0577", "reference_id": "CVE-2022-0577", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0577" }, { "reference_url": "https://github.com/advisories/GHSA-cjvr-mfj7-j4j8", "reference_id": "GHSA-cjvr-mfj7-j4j8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjvr-mfj7-j4j8" }, { "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8", "reference_id": "GHSA-cjvr-mfj7-j4j8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cjvr-mfj7-j4j8" }, { "reference_url": "https://usn.ubuntu.com/7476-1/", "reference_id": "USN-7476-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7476-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19537?format=api", "purl": "pkg:pypi/scrapy@1.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-q9yh-76fr-ebb1" }, { "vulnerability": "VCID-sbyb-vfh4-23fn" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-v4cu-4n5q-wfhj" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19536?format=api", "purl": "pkg:pypi/scrapy@2.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-q9yh-76fr-ebb1" }, { "vulnerability": "VCID-sbyb-vfh4-23fn" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-v4cu-4n5q-wfhj" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.1" } ], "aliases": [ "CVE-2022-0577", "GHSA-cjvr-mfj7-j4j8", "PYSEC-2022-159" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9vb-7v47-ybdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211768?format=api", "vulnerability_id": "VCID-atbn-f4xt-7fdr", "summary": "Scrapy allows redirect following in protocols other than HTTP", "references": [ { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6" }, { "reference_url": "https://github.com/scrapy/scrapy/issues/457", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/issues/457" }, { "reference_url": "https://github.com/advisories/GHSA-23j4-mw76-5v7h", "reference_id": "GHSA-23j4-mw76-5v7h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-23j4-mw76-5v7h" }, { "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h", "reference_id": "GHSA-23j4-mw76-5v7h", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31063?format=api", "purl": "pkg:pypi/scrapy@2.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2" } ], "aliases": [ "GHSA-23j4-mw76-5v7h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atbn-f4xt-7fdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208319?format=api", "vulnerability_id": "VCID-ez8c-3cp8-dkd9", "summary": "Scrapy cookie-setting is not restricted based on the public suffix list", "references": [ { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/e865c4430e58a4faa0e0766b23830f8423d6167a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/e865c4430e58a4faa0e0766b23830f8423d6167a" }, { "reference_url": "https://github.com/advisories/GHSA-mfjm-vh54-3f96", "reference_id": "GHSA-mfjm-vh54-3f96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mfjm-vh54-3f96" }, { 
"reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-mfjm-vh54-3f96", "reference_id": "GHSA-mfjm-vh54-3f96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-mfjm-vh54-3f96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19537?format=api", "purl": "pkg:pypi/scrapy@1.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-q9yh-76fr-ebb1" }, { "vulnerability": "VCID-sbyb-vfh4-23fn" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-v4cu-4n5q-wfhj" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19538?format=api", "purl": "pkg:pypi/scrapy@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-q9yh-76fr-ebb1" }, { "vulnerability": "VCID-sbyb-vfh4-23fn" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-v4cu-4n5q-wfhj" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.6.0" } ], "aliases": [ "GHSA-mfjm-vh54-3f96", "GMS-2022-230" ], "risk_score": 3.1, 
"exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ez8c-3cp8-dkd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54742?format=api", "vulnerability_id": "VCID-nkga-85ed-73d1", "summary": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1892", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18474", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1892" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892" }, { "reference_url": "https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14" }, { "reference_url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml" }, { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111", "reference_id": "1065111", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111" }, { "reference_url": "https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b", "reference_id": "271f94f2-1e05-4616-ac43-41752389e26b", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": 
"6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/" } ], "url": "https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5", "reference_id": "479619b340f197a8f24c5db45bc068fb8755f2c5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/" } ], "url": "https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1892", "reference_id": "CVE-2024-1892", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1892" }, { "reference_url": "https://github.com/advisories/GHSA-cc65-xxvf-f7r9", "reference_id": "GHSA-cc65-xxvf-f7r9", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cc65-xxvf-f7r9" }, { "reference_url": 
"https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9", "reference_id": "GHSA-cc65-xxvf-f7r9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9" }, { "reference_url": "https://usn.ubuntu.com/7476-1/", "reference_id": "USN-7476-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7476-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29048?format=api", "purl": "pkg:pypi/scrapy@1.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29050?format=api", "purl": "pkg:pypi/scrapy@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1" } ], "aliases": [ "CVE-2024-1892", "GHSA-cc65-xxvf-f7r9", "GMS-2024-287", "PYSEC-2024-162" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkga-85ed-73d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204882?format=api", "vulnerability_id": "VCID-q9yh-76fr-ebb1", "summary": "Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.", "references": [ { "reference_url": "http://blog.csdn.net/wangtua/article/details/75228728", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.csdn.net/wangtua/article/details/75228728" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01495", "scoring_system": "epss", "scoring_elements": "0.81485", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14158" }, { "reference_url": "https://github.com/advisories/GHSA-h7wm-ph43-c39p", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h7wm-ph43-c39p" }, { "reference_url": "https://github.com/pypa/advisory-database/blob/8b7a4d62a95e8f605e5dfb4e0b4f299e6403dc12/vulns/scrapy/PYSEC-2017-83.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/blob/8b7a4d62a95e8f605e5dfb4e0b4f299e6403dc12/vulns/scrapy/PYSEC-2017-83.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2017-83.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2017-83.yaml" }, { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/issues/482", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/issues/482" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14158", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14158" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875947", "reference_id": "875947", "reference_type": "", 
"scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875947" } ], "fixed_packages": [], "aliases": [ "CVE-2017-14158", "GHSA-h7wm-ph43-c39p", "PYSEC-2017-83" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9yh-76fr-ebb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64686?format=api", "vulnerability_id": "VCID-sbyb-vfh4-23fn", "summary": "The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36781", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572" }, { "reference_url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14" }, { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f", "reference_id": "809bfac4890f75fc73607318a04d2ccba71b3d9f", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/" } ], "url": "https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f" }, { "reference_url": "https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb", "reference_id": "c4a0fac9-0c5a-4718-9ee4-2d06d58adabb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/" } ], "url": 
"https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3572", "reference_id": "CVE-2024-3572", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3572" }, { "reference_url": "https://github.com/advisories/GHSA-7j7m-v7m3-jqm7", "reference_id": "GHSA-7j7m-v7m3-jqm7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7j7m-v7m3-jqm7" }, { "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7", "reference_id": "GHSA-7j7m-v7m3-jqm7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7" }, { "reference_url": "https://usn.ubuntu.com/7476-1/", "reference_id": "USN-7476-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7476-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29048?format=api", "purl": "pkg:pypi/scrapy@1.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29050?format=api", "purl": "pkg:pypi/scrapy@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1" } ], "aliases": [ "CVE-2024-3572", "GHSA-7j7m-v7m3-jqm7", "GMS-2024-327" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyb-vfh4-23fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211767?format=api", "vulnerability_id": "VCID-u15g-aqdp-nkgm", "summary": "Scrapy's redirects ignoring scheme-specific proxy settings", "references": [ { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/issues/767", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/issues/767" }, { "reference_url": "https://github.com/advisories/GHSA-jm3v-qxmh-hxwv", "reference_id": "GHSA-jm3v-qxmh-hxwv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jm3v-qxmh-hxwv" }, { "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv", "reference_id": "GHSA-jm3v-qxmh-hxwv", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31063?format=api", "purl": "pkg:pypi/scrapy@2.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2" } ], "aliases": [ "GHSA-jm3v-qxmh-hxwv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u15g-aqdp-nkgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64477?format=api", "vulnerability_id": "VCID-v4cu-4n5q-wfhj", "summary": "In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. 
The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30746", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574" }, { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae" }, { "reference_url": "https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9", "reference_id": "49974321-2718-43e3-a152-62b16eed72a9", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/" } ], "url": "https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75", "reference_id": "5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/" } ], "url": "https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3574", "reference_id": "CVE-2024-3574", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3574" }, { "reference_url": "https://github.com/advisories/GHSA-cw9j-q3vf-hrrv", "reference_id": "GHSA-cw9j-q3vf-hrrv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cw9j-q3vf-hrrv" }, { "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv", "reference_id": "GHSA-cw9j-q3vf-hrrv", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv" }, { "reference_url": "https://usn.ubuntu.com/7476-1/", "reference_id": 
"USN-7476-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7476-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29048?format=api", "purl": "pkg:pypi/scrapy@1.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29050?format=api", "purl": "pkg:pypi/scrapy@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1" } ], "aliases": [ "CVE-2024-3574", "GHSA-cw9j-q3vf-hrrv", "GMS-2024-288" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4cu-4n5q-wfhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18134?format=api", "vulnerability_id": "VCID-xjb6-86c9-3bh4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40765", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1968" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/scrapy/scrapy", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy" }, { "reference_url": "https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8", "reference_id": "1d0502f25bbe55a22899af915623fda1aaeb9dd8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-18T20:26:27Z/" } ], "url": "https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8" }, { "reference_url": "https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a", "reference_id": "27f6a021-a891-446a-ada5-0226d619dd1a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-18T20:26:27Z/" } ], "url": "https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1968", "reference_id": "CVE-2024-1968", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1968" }, { "reference_url": "https://github.com/advisories/GHSA-4qqq-9vqf-3h3f", "reference_id": "GHSA-4qqq-9vqf-3h3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qqq-9vqf-3h3f" }, { "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f", "reference_id": "GHSA-4qqq-9vqf-3h3f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f" }, { "reference_url": "https://usn.ubuntu.com/7476-1/", "reference_id": "USN-7476-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7476-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19535?format=api", "purl": "pkg:pypi/scrapy@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cdj-272n-qfgu" }, { "vulnerability": "VCID-2562-r6m9-jbfw" }, { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-a9vb-7v47-ybdc" }, { "vulnerability": "VCID-atbn-f4xt-7fdr" }, { "vulnerability": "VCID-ez8c-3cp8-dkd9" 
}, { "vulnerability": "VCID-nkga-85ed-73d1" }, { "vulnerability": "VCID-q9yh-76fr-ebb1" }, { "vulnerability": "VCID-sbyb-vfh4-23fn" }, { "vulnerability": "VCID-sp4d-d9r7-ekav" }, { "vulnerability": "VCID-u15g-aqdp-nkgm" }, { "vulnerability": "VCID-v4cu-4n5q-wfhj" }, { "vulnerability": "VCID-xjb6-86c9-3bh4" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/31063?format=api", "purl": "pkg:pypi/scrapy@2.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9dkx-sw7r-jkhz" }, { "vulnerability": "VCID-zww5-7cb3-fkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.2" } ], "aliases": [ "CVE-2024-1968", "GHSA-4qqq-9vqf-3h3f", "PYSEC-2024-258" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjb6-86c9-3bh4" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.1.4" }