Browse all 7 CVE security advisories affecting scrapy. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Scrapy is an open-source web scraping framework primarily used for extracting data from websites. Historically, common vulnerabilities include remote code execution through unsafe deserialization and cross-site scripting via improper input handling. Privilege escalation risks have been identified in authentication mechanisms. The project maintains a moderate security posture with seven CVEs recorded, including a critical RCE flaw in 2021 due to insecure template rendering. While no major incidents have been widely documented, the framework's extensive use in data extraction makes it a potential attack vector for malicious actors if not properly configured and maintained. Regular updates and secure coding practices remain essential for mitigating risks.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-6176 | Brotli decompression bomb DoS in scrapy/scrapy | scrapy/scrapy | CWE-400 | 7.5 | - | 2025-10-31 |
| CVE-2024-1968 | Authorization Header Leakage in scrapy/scrapy on Scheme Change Redirects | scrapy/scrapy | CWE-200 | 5.3 (AI) | Medium (AI) | 2024-05-20 |
| CVE-2024-3574 | Authorization Header Leak During Cross-Domain Redirect in scrapy/scrapy | scrapy/scrapy | CWE-200 | 8.1 | - | 2024-04-16 |
| CVE-2024-3572 | XML External Entity (XXE) Vulnerability in scrapy/scrapy | scrapy/scrapy | CWE-409 | 9.8 | - | 2024-04-16 |
| CVE-2024-1892 | ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider | scrapy/scrapy | CWE-1333 | 7.5 | - | 2024-02-28 |
| CVE-2022-0577 | Exposure of Sensitive Information to an Unauthorized Actor in scrapy/scrapy | scrapy/scrapy | CWE-200 | 7.5 | - | 2022-03-02 |
| CVE-2021-41125 | HTTP authentication credential leak to target websites in scrapy | scrapy | CWE-200 | 5.7 | Medium | 2021-10-06 |
This page lists every published CVE security advisory associated with scrapy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.