313 matches found
CVE-2021-41124
Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...
Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS
Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...
RHEL 10 : brotli (RHSA-2026:0008)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0008 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffm...
TencentOS Server 4: brotli (TSSA-2025:0957)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0957 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Denial Of Service (DoS)
Scrapy and brotli is vulnerable to Denial Of Service DoS. The vulnerability is due to inadequate protection against brotli decompression bombs, which allows an attacker to send highly compressed data that expands excessively in memory and crashes the client...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: brotli (UTSA-2025-991041)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991041 advisory. Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism...
OESA-2025-2671 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
OESA-2025-2670 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
OESA-2025-2669 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
OESA-2025-2668 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
OESA-2025-2667 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
python-Scrapy-doc-2.13.3-2.1 on GA media (moderate)
python-Scrapy-doc-2.13.3-2.1 on GA media Announcement ID: openSUSE-SU-2025:15732-1 Rating: moderate Cross-References: CVE-2025-6176 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2025:15732-1 python-Scrapy-doc-2.13.3-2.1 on GA media
These are all security issues fixed in the python-Scrapy-doc-2.13.3-2.1 package on the GA media of openSUSE Tumbleweed...
OESA-2025-2645 brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
CVE-2025-6176
Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...
SUSE CVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...
Allocation of Resources Without Limits or Throttling
Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient protection against decompressi...
article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +53 more potentially affected by CVE-2025-6176 via scrapy (>=1.3.3 <=2.13.4)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: CVE-2025-6176 Source advisory: SNYK:PYTHON-SCRAPY-13792895...
EUVD-2025-37237
Brotli is vulnerable to a denial of service DoS attack due to decompression...
article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +53 more potentially affected by CVE-2025-6176 via scrapy (>=1.3.3 <=2.13.3)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: CVE-2025-6176 Source advisory: OSV:GHSA-2QFP-Q593-8484...