| CVE-2025-6176 | high | — | 8.0 | | | | 7mo ago | RHSA-2026:2389: brotli security update (Important) |
| CVE-2017-14158 | high | 7.5 | 7.5 | | | | 9y ago | Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files … |
| CVE-2021-41125 | medium | — | 5.5 | | | | 5y ago | Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests w… |
| CVE-2024-1968 | unknown | — | — | | | | 2y ago | In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This beha… |
| CVE-2024-3572 | unknown | — | — | | | | 2y ago | The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allow… |
| CVE-2024-3574 | unknown | — | — | | | | 2y ago | Scrapy authorization header leakage on cross-domain redirect |
| CVE-2024-1892 | unknown | — | — | | | | 2y ago | A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML cont… |
| CVE-2022-0577 | unknown | — | — | | | | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. |