MEDIUM 6.5 PyPI
GHSA-23j4-mw76-5v7h Scrapy allows redirect following in protocols other than HTTP
Modified: 11/28/2024
package
PyPI / scrapy
pkg:pypi/scrapy
HIGH 7.5 PyPI
GHSA-2qfp-q593-8484 · CVE-2025-6176 Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Modified: 2/4/2026
MEDIUM 5.9 PyPI
GHSA-4qqq-9vqf-3h3f · CVE-2024-1968, PYSEC-2024-258 Scrapy leaks the authorization header on same-domain but cross-origin redirects
Modified: 7/15/2025
HIGH 7.5 PyPI
GHSA-7j7m-v7m3-jqm7 · CVE-2024-3572 Scrapy decompression bomb vulnerability
Modified: 4/16/2024
MEDIUM PyPI
GHSA-9x8m-2xpf-crp3 Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Modified: 11/28/2024
HIGH 7.5 PyPI
GHSA-cc65-xxvf-f7r9 · CVE-2024-1892, PYSEC-2024-162 Scrapy vulnerable to ReDoS via XMLFeedSpider
Modified: 1/14/2025
MEDIUM 6.5 PyPI
GHSA-cjvr-mfj7-j4j8 · CVE-2022-0577, PYSEC-2022-159 Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Modified: 10/22/2024
HIGH 7.5 PyPI
GHSA-cw9j-q3vf-hrrv · CVE-2024-3574 Scrapy authorization header leakage on cross-domain redirect
Modified: 4/16/2024
HIGH 7.5 PyPI
GHSA-cwxj-rr6w-m6w7 Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware
Modified: 3/14/2026
HIGH 7.5 PyPI
GHSA-h7wm-ph43-c39p · CVE-2017-14158, PYSEC-2017-83 Scrapy denial of service vulnerability
Modified: 5/20/2026
MEDIUM 4.3 PyPI
GHSA-jm3v-qxmh-hxwv Scrapy's redirects ignoring scheme-specific proxy settings
Modified: 11/28/2024
MEDIUM 5.7 PyPI
GHSA-jwqp-28gf-p498 · CVE-2021-41125, PYSEC-2021-363 Scrapy HTTP authentication credentials potentially leaked to target websites
Modified: 3/13/2026
MEDIUM PyPI
GHSA-mfjm-vh54-3f96 Scrapy cookie-setting is not restricted based on the public suffix list
Modified: 12/7/2024
— PyPI
PYSEC-2017-83 · CVE-2017-14158, GHSA-h7wm-ph43-c39p Modified: 10/9/2025
— PyPI
PYSEC-2021-363 · CVE-2021-41125, GHSA-jwqp-28gf-p498 Modified: 11/8/2023
— PyPI
PYSEC-2022-159 · CVE-2022-0577, GHSA-cjvr-mfj7-j4j8 Modified: 10/9/2025
MEDIUM 6.5 PyPI
PYSEC-2024-162 · CVE-2024-1892, GHSA-cc65-xxvf-f7r9 Modified: 6/10/2026
— PyPI
PYSEC-2024-258 · CVE-2024-1968, GHSA-4qqq-9vqf-3h3f Modified: 6/10/2026