Lucene search
+L

313 matches found

OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-32820 Malicious code in scrapy-doc-zh (npm)

The package scrapy-doc-zh was found to contain malicious code...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.9 views

PT-2025-44569

Name of the Vulnerable Software and Affected Versions Scrapy versions up to 2.13.2 Description Scrapy is susceptible to a denial of service DoS attack stemming from an issue in its brotli decompression implementation. The built-in protection against decompression bombs does not effectively addres...

7.8CVSS7.3AI score0.00509EPSS
Exploits0References63
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/10 3:35 a.m.6 views

Malicious code in scrapy-user-agents (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8ff2592eed2257896f8765049b3073fd6bb14f2696691bb3ed2f8925b0ea1e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/06/10 3:35 a.m.2 views

MAL-2025-4880 Malicious code in scrapy-user-agents (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8ff2592eed2257896f8765049b3073fd6bb14f2696691bb3ed2f8925b0ea1e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OpenVAS
OpenVAS
added 2025/05/06 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-7476-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.1AI score0.01243EPSS
Exploits5References2
Ubuntu
Ubuntu
added 2025/05/05 4:31 p.m.20 views

USN-7476-1: Scrapy vulnerabilities

It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during redirects. An attacker could use this issue to gain unauthorized access to user accounts. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-41125 It was...

8.8CVSS7AI score0.01243EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2025/05/05 12:0 a.m.7 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Scrapy vulnerabilities (USN-7476-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7476-1 advisory. It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during...

8.8CVSS7.1AI score0.01243EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-3572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper...

7.5CVSS7.3AI score0.00807EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2024-3574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party...

7.5CVSS7.2AI score0.00642EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-1968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but...

7.5CVSS7.2AI score0.00682EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-1892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Regular Expression Denial of Service ReDoS vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML...

7.5CVSS6.8AI score0.00553EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 10:13 a.m.8 views

CVE-2024-3574

In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across...

7.5CVSS6.5AI score0.00642EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 10:7 a.m.10 views

CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

7.5CVSS6.5AI score0.00807EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 5:20 a.m.3 views

CVE-2024-1892

A Regular Expression Denial of Service ReDoS vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

7.5CVSS6.6AI score0.00553EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2024/08/06 12:0 a.m.10 views

Fedora: Security Advisory (FEDORA-2024-c27b82d702)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.00682EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2024/08/06 12:0 a.m.11 views

Fedora: Security Advisory (FEDORA-2024-0bd3b1212e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.00682EPSS
Exploits1References8
Fedora
Fedora
added 2024/07/27 1:49 p.m.20 views

[SECURITY] Fedora 39 Update: python-scrapy-2.11.2-1.fc39

Scrapy is a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages. It can be used for a wide range of purposes, from data mining to monitoring and automated testing...

7.5CVSS6.9AI score0.00682EPSS
Exploits1
Fedora
Fedora
added 2024/07/27 1:47 a.m.37 views

[SECURITY] Fedora 40 Update: python-scrapy-2.11.2-1.fc40

Scrapy is a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages. It can be used for a wide range of purposes, from data mining to monitoring and automated testing...

7.5CVSS6.9AI score0.00682EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/07/27 12:0 a.m.12 views

Fedora 40 : python-scrapy (2024-c27b82d702)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c27b82d702 advisory. - Update to 2.11.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

7.5CVSS7.5AI score0.00682EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/07/27 12:0 a.m.9 views

Fedora 39 : python-scrapy (2024-0bd3b1212e)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0bd3b1212e advisory. - Update to 2.11.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

7.5CVSS7.5AI score0.00682EPSS
Exploits1References2
Rows per page
Query Builder