VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/936813?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/936813?format=api",
    "purl": "pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie",
    "type": "deb",
    "namespace": "debian",
    "name": "python-scrapy",
    "version": "2.11.1-1",
    "qualifiers": {
        "distro": "trixie"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "2.11.2-1",
    "latest_non_vulnerable_version": "2.15.1-1",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15210?format=api",
            "vulnerability_id": "VCID-385b-344t-23es",
            "summary": "Scrapy decompression bomb vulnerability\n### Impact\n\nScrapy limits allowed response sizes by default through the [`DOWNLOAD_MAXSIZE`](https://docs.scrapy.org/en/latest/topics/settings.html#download-maxsize) and [`DOWNLOAD_WARNSIZE`](https://docs.scrapy.org/en/latest/topics/settings.html#download-warnsize) settings.\n\nHowever, those limits were only being enforced during the download of the raw, usually-compressed response bodies, and not during decompression, making Scrapy vulnerable to [decompression bombs](https://cwe.mitre.org/data/definitions/409.html).\n\nA malicious website being scraped could send a small response that, on decompression, could exhaust the memory available to the Scrapy process, potentially affecting any other process sharing that memory, and affecting disk usage in case of uncompressed response caching.\n\n### Patches\n\nUpgrade to Scrapy 2.11.1.\n\nIf you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.11.1 is not an option, you may upgrade to Scrapy 1.8.4 instead.\n\n### Workarounds\n\nThere is no easy workaround.\n\nDisabling HTTP decompression altogether is impractical, as HTTP compression is a rather common practice.\n\nHowever, it is technically possible to manually backport the 2.11.1 or 1.8.4 fix, replacing the corresponding components of an unpatched version of Scrapy with patched versions copied into your own code.\n\n### Acknowledgements\n\nThis security issue was reported by @dmandefy  [through huntr.com](https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb/).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3572",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36643",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36556",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3659",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36584",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36565",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36513",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36675",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36157",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36243",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36274",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36503",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36559",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36576",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36532",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00161",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3653",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.00161",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36459",
                            "published_at": "2026-05-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3572"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572"
                },
                {
                    "reference_url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy/commit/71b8741e3607cfda2833c7624d4ada87071aa8e5"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/"
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7"
                },
                {
                    "reference_url": "https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:21:44Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3572",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3572"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7j7m-v7m3-jqm7",
                    "reference_id": "GHSA-7j7m-v7m3-jqm7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7j7m-v7m3-jqm7"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/7476-1/",
                    "reference_id": "USN-7476-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/7476-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936813?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.11.1-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936811?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-dc1m-rt7j-w3af"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936810?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.14.2-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1081569?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.15.1-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.15.1-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2024-3572",
                "GHSA-7j7m-v7m3-jqm7",
                "GMS-2024-327"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-385b-344t-23es"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12569?format=api",
            "vulnerability_id": "VCID-64nx-aruy-q7gy",
            "summary": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1892",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18415",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17953",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1786",
                            "published_at": "2026-05-05T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18257",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18203",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18118",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1836",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18005",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1804",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18063",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1815",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18106",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18161",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18213",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18259",
                            "published_at": "2026-04-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1892"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1892"
                },
                {
                    "reference_url": "https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://docs.scrapy.org/en/latest/news.html#scrapy-1-8-4-2024-02-14"
                },
                {
                    "reference_url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://docs.scrapy.org/en/latest/news.html#scrapy-2-11-1-2024-02-14"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/scrapy/PYSEC-2024-162.yaml"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/"
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy/commit/73e7c0ed011a0565a1584b8052ec757b54e5270b"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9"
                },
                {
                    "reference_url": "https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T16:44:39Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111",
                    "reference_id": "1065111",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065111"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cc65-xxvf-f7r9",
                    "reference_id": "GHSA-cc65-xxvf-f7r9",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cc65-xxvf-f7r9"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/7476-1/",
                    "reference_id": "USN-7476-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/7476-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936813?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.11.1-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936811?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-dc1m-rt7j-w3af"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936810?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.14.2-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1081569?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.15.1-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.15.1-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2024-1892",
                "GHSA-cc65-xxvf-f7r9",
                "GMS-2024-287",
                "PYSEC-2024-162"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64nx-aruy-q7gy"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15539?format=api",
            "vulnerability_id": "VCID-kgf5-wu3r-pqc6",
            "summary": "Scrapy authorization header leakage on cross-domain redirect\n### Impact\n\nWhen you send a request with the `Authorization` header to one domain, and the response asks to redirect to a different domain, Scrapy’s built-in redirect middleware creates a follow-up redirect request that keeps the original `Authorization` header, leaking its content to that second domain.\n\nThe [right behavior](https://fetch.spec.whatwg.org/#ref-for-cors-non-wildcard-request-header-name) would be to drop the `Authorization` header instead, in this scenario.\n\n### Patches\n\nUpgrade to Scrapy 2.11.1.\n\nIf you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.11.1 is not an option, you may upgrade to Scrapy 1.8.4 instead.\n\n### Workarounds\n\nIf you cannot upgrade, make sure that you are not using the `Authentication` header, either directly or through some third-party plugin.\n\nIf you need to use that header in some requests, add `\"dont_redirect\": True` to the `request.meta` dictionary of those requests to disable following redirects for them.\n\nIf you need to keep (same domain) redirect support on those requests, make sure you trust the target website not to redirect your requests to a different domain.\n\n### Acknowledgements\n\nThis security issue was reported by @ranjit-git  [through huntr.com](https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9/).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3574",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31172",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31255",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31311",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31352",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31225",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3071",
                            "published_at": "2026-05-07T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30641",
                            "published_at": "2026-05-05T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3079",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30875",
                            "published_at": "2026-04-26T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30996",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31157",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31187",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31206",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31216",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00121",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31259",
                            "published_at": "2026-04-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3574"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy/commit/ee7bd9d217fc126063575d5649f00bdeeca2faae"
                },
                {
                    "reference_url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv"
                },
                {
                    "reference_url": "https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T15:23:27Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3574",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3574"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/7476-1/",
                    "reference_id": "USN-7476-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/7476-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936813?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.11.1-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.11.1-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936811?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.12.0-2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-dc1m-rt7j-w3af"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.12.0-2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/936810?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.14.2-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.14.2-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1081569?format=api",
                    "purl": "pkg:deb/debian/python-scrapy@2.15.1-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.15.1-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2024-3574",
                "GHSA-cw9j-q3vf-hrrv",
                "GMS-2024-288"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgf5-wu3r-pqc6"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-scrapy@2.11.1-1%3Fdistro=trixie"
}

Package Instance