scrapy vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-CWXJ-RR6W-M6W7HighScrapy: Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddlewareCVE-2025-6176Highbrotli: Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementationGHSA-23J4-MW76-5V7HMediumScrapy: Scrapy allows redirect following in protocols other than HTTPGHSA-JM3V-QXMH-HXWVMediumScrapy: Scrapy's redirects ignoring scheme-specific proxy settingsCVE-2024-1968MediumScrapy: Scrapy leaks the authorization header on same-domain but cross-origin redirectsCVE-2024-3572Highscrapy: Scrapy decompression bomb vulnerabilityCVE-2024-3574Highscrapy: Scrapy authorization header leakage on cross-domain redirectCVE-2024-1892Highscrapy: Scrapy vulnerable to ReDoS via XMLFeedSpiderGHSA-9X8M-2XPF-CRP3Mediumscrapy: Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to anotherCVE-2017-14158Highscrapy: Scrapy denial of service vulnerabilityGHSA-MFJM-VH54-3F96Mediumscrapy: Scrapy cookie-setting is not restricted based on the public suffix listCVE-2022-0577Mediumscrapy: Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapyCVE-2021-41125MediumScrapy: Scrapy HTTP authentication credentials potentially leaked to target websites

Stop the waste.
Protect your environment with Kodem.