Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-cwxj-rr6w-m6w7 | PyPI/scrapy | Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware | 13 Mar | Fix available; Severity - 7.5 (High) |
| GHSA-2qfp-q593-8484 | PyPI/brotli, PyPI/scrapy | Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation | 31 Oct 2025 | Fix available; Severity - 7.5 (High) |
| PYSEC-2024-258 | PyPI/scrapy, github.com/scrapy/scrapy | See record for full details | 20 May 2024 | Fix available |
| GHSA-23j4-mw76-5v7h | PyPI/scrapy | Scrapy allows redirect following in protocols other than HTTP | 14 May 2024 | Fix available; Severity - 6.5 (Medium) |
| GHSA-jm3v-qxmh-hxwv | PyPI/scrapy | Scrapy's redirects ignoring scheme-specific proxy settings | 14 May 2024 | Fix available; Severity - 4.3 (Medium) |
| GHSA-4qqq-9vqf-3h3f | PyPI/scrapy | Scrapy leaks the authorization header on same-domain but cross-origin redirects | 14 May 2024 | Fix available; Severity - 5.9 (Medium) |
| PYSEC-2024-162 | PyPI/scrapy, github.com/scrapy/scrapy | See record for full details | 28 Feb 2024 | Fix available; Severity - 6.5 (Medium) |
| GHSA-7j7m-v7m3-jqm7 | PyPI/scrapy | Scrapy decompression bomb vulnerability | 16 Feb 2024 | Fix available; Severity - 7.5 (High) |
| GHSA-cw9j-q3vf-hrrv | PyPI/scrapy | Scrapy authorization header leakage on cross-domain redirect | 15 Feb 2024 | Fix available; Severity - 7.5 (High) |
| GHSA-cc65-xxvf-f7r9 | PyPI/scrapy | Scrapy vulnerable to ReDoS via XMLFeedSpider | 15 Feb 2024 | Fix available; Severity - 7.5 (High) |
| GHSA-9x8m-2xpf-crp3 | PyPI/scrapy | Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another | 29 Jul 2022 | Fix available |
| GHSA-h7wm-ph43-c39p | PyPI/scrapy | Scrapy denial of service vulnerability | 17 May 2022 | No fix available; Severity - 7.5 (High) |
| PYSEC-2022-159 | PyPI/scrapy, github.com/scrapy/scrapy | See record for full details | 02 Mar 2022 | Fix available |
| GHSA-mfjm-vh54-3f96 | PyPI/scrapy | Scrapy cookie-setting is not restricted based on the public suffix list | 01 Mar 2022 | Fix available |
| GHSA-cjvr-mfj7-j4j8 | PyPI/scrapy | Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy | 01 Mar 2022 | Fix available; Severity - 6.5 (Medium) |
| PYSEC-2021-363 | PyPI/scrapy, github.com/scrapy/scrapy | See record for full details | 06 Oct 2021 | Fix available |