Live data from GitHub and PyPI, updated daily.
Data last fetched: 2026-05-15
10 active CVEs reported via OSV.dev
Scrapy allows redirect following in protocols other than HTTP
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
Scrapy leaks the authorization header on same-domain but cross-origin redirects
Scrapy decompression bomb vulnerability
Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Scrapy vulnerable to ReDoS via XMLFeedSpider
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Scrapy authorization header leakage on cross-domain redirect
Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware
Scrapy denial of service vulnerability
Other Developer Tools projects in the Python ecosystem worth evaluating.
Get SLA-backed support, security patches, and direct access to senior engineers for Scrapy โ without relying on volunteer maintainers.
Talk to an Expert โ