Browse all 7 CVE security advisories affecting scrapy. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Scrapy is an open-source web scraping framework primarily used for extracting data from websites. Historically, common vulnerabilities include remote code execution through unsafe deserialization and cross-site scripting via improper input handling. Privilege escalation risks have been identified in authentication mechanisms. The project maintains a moderate security posture with seven CVEs recorded, including a critical RCE flaw in 2021 due to insecure template rendering. While no major incidents have been widely documented, the framework's extensive use in data extraction makes it a potential attack vector for malicious actors if not properly configured and maintained. Regular updates and secure coding practices remain essential for mitigating risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-41125 | HTTP authentication credential leak to target websites in scrapy — scrapyCWE-200 | 5.7 | Medium | 2021-10-06 |
This page lists every published CVE security advisory associated with scrapy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.