Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pillow@8.1.1
Typepypi
Namespace
Namepillow
Version8.1.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.1.1
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-19e1-19hk-duet
vulnerability_id VCID-19e1-19hk-duet
summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45198
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.5136
published_at 2026-04-04T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.5141
published_at 2026-04-21T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.5143
published_at 2026-04-18T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.51422
published_at 2026-04-16T12:55:00Z
4
value 0.0028
scoring_system epss
scoring_elements 0.51379
published_at 2026-04-13T12:55:00Z
5
value 0.0028
scoring_system epss
scoring_elements 0.51393
published_at 2026-04-12T12:55:00Z
6
value 0.0028
scoring_system epss
scoring_elements 0.51414
published_at 2026-04-11T12:55:00Z
7
value 0.0028
scoring_system epss
scoring_elements 0.51371
published_at 2026-04-09T12:55:00Z
8
value 0.0028
scoring_system epss
scoring_elements 0.51373
published_at 2026-04-08T12:55:00Z
9
value 0.0028
scoring_system epss
scoring_elements 0.51319
published_at 2026-04-07T12:55:00Z
10
value 0.00297
scoring_system epss
scoring_elements 0.53076
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45198
1
reference_url https://bugs.gentoo.org/855683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.gentoo.org/855683
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198
3
reference_url https://cwe.mitre.org/data/definitions/409.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwe.mitre.org/data/definitions/409.html
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
8
reference_url https://github.com/python-pillow/Pillow/pull/6402
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6402
9
reference_url https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
10
reference_url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45198
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45198
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
reference_id GHSA-m2vv-5vj5-2hm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
14
reference_url https://usn.ubuntu.com/5777-1/
reference_id USN-5777-1
reference_type
scores
url https://usn.ubuntu.com/5777-1/
15
reference_url https://usn.ubuntu.com/USN-5777-2/
reference_id USN-USN-5777-2
reference_type
scores
url https://usn.ubuntu.com/USN-5777-2/
fixed_packages
0
url pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4n96-uzyf-tud6
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0
aliases BIT-pillow-2022-45198, CVE-2022-45198, GHSA-m2vv-5vj5-2hm7, PYSEC-2022-42979
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19e1-19hk-duet
1
url VCID-1vt7-c6e3-7qc8
vulnerability_id VCID-1vt7-c6e3-7qc8
summary The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23437
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45314
published_at 2026-04-01T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45402
published_at 2026-04-21T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45452
published_at 2026-04-18T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45456
published_at 2026-04-16T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45405
published_at 2026-04-13T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45404
published_at 2026-04-12T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45434
published_at 2026-04-11T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.45412
published_at 2026-04-09T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45357
published_at 2026-04-07T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45414
published_at 2026-04-04T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45394
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23437
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
8
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2001907
reference_id 2001907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2001907
17
reference_url https://security.archlinux.org/AVG-2366
reference_id AVG-2366
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2366
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
reference_id CVE-2021-23437
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
19
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
20
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@8.3.2
purl pkg:pypi/pillow@8.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-df4x-jt3h-17hx
7
vulnerability VCID-dpc3-td9q-dyee
8
vulnerability VCID-g46h-p8jk-cuhc
9
vulnerability VCID-n1hp-atex-ubh4
10
vulnerability VCID-q4bb-qnxe-8bfa
11
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2
aliases BIT-pillow-2021-23437, CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vt7-c6e3-7qc8
2
url VCID-3qb5-8p8w-gkad
vulnerability_id VCID-3qb5-8p8w-gkad
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27921
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61759
published_at 2026-04-01T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61937
published_at 2026-04-18T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61933
published_at 2026-04-16T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61889
published_at 2026-04-13T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61909
published_at 2026-04-12T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61921
published_at 2026-04-11T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.619
published_at 2026-04-09T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.61885
published_at 2026-04-08T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.61835
published_at 2026-04-07T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61864
published_at 2026-04-04T12:55:00Z
10
value 0.00419
scoring_system epss
scoring_elements 0.61833
published_at 2026-04-02T12:55:00Z
11
value 0.00425
scoring_system epss
scoring_elements 0.62258
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27921
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935384
reference_id 1935384
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935384
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27921, CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qb5-8p8w-gkad
3
url VCID-3uk9-eds5-rkgc
vulnerability_id VCID-3uk9-eds5-rkgc
summary An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28675
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30183
published_at 2026-04-01T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.3008
published_at 2026-04-18T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.301
published_at 2026-04-16T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30086
published_at 2026-04-13T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30135
published_at 2026-04-12T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30179
published_at 2026-04-11T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30176
published_at 2026-04-09T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.3014
published_at 2026-04-08T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30081
published_at 2026-04-07T12:55:00Z
9
value 0.00115
scoring_system epss
scoring_elements 0.30263
published_at 2026-04-04T12:55:00Z
10
value 0.00115
scoring_system epss
scoring_elements 0.30214
published_at 2026-04-02T12:55:00Z
11
value 0.00148
scoring_system epss
scoring_elements 0.35257
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28675
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28675
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28675
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
12
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958240
reference_id 1958240
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958240
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
15
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
16
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
17
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28675, CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3uk9-eds5-rkgc
4
url VCID-53ac-ceq4-qkhf
vulnerability_id VCID-53ac-ceq4-qkhf
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27922
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34909
published_at 2026-04-02T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34859
published_at 2026-04-08T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34701
published_at 2026-04-01T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34814
published_at 2026-04-07T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34936
published_at 2026-04-04T12:55:00Z
5
value 0.00145
scoring_system epss
scoring_elements 0.34853
published_at 2026-04-18T12:55:00Z
6
value 0.00145
scoring_system epss
scoring_elements 0.34869
published_at 2026-04-16T12:55:00Z
7
value 0.00145
scoring_system epss
scoring_elements 0.3483
published_at 2026-04-13T12:55:00Z
8
value 0.00145
scoring_system epss
scoring_elements 0.34854
published_at 2026-04-12T12:55:00Z
9
value 0.00145
scoring_system epss
scoring_elements 0.34891
published_at 2026-04-11T12:55:00Z
10
value 0.00145
scoring_system epss
scoring_elements 0.34887
published_at 2026-04-09T12:55:00Z
11
value 0.00315
scoring_system epss
scoring_elements 0.54591
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27922
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935396
reference_id 1935396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935396
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27922, CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53ac-ceq4-qkhf
5
url VCID-5rv4-k1q9-zue2
vulnerability_id VCID-5rv4-k1q9-zue2
summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
references
0
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases PYSEC-2023-175
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rv4-k1q9-zue2
6
url VCID-64n5-pugj-vue8
vulnerability_id VCID-64n5-pugj-vue8
summary 
Pillow buffer overflow vulnerability
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28219
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49512
published_at 2026-04-21T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49541
published_at 2026-04-18T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49543
published_at 2026-04-16T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49496
published_at 2026-04-13T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49494
published_at 2026-04-12T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49522
published_at 2026-04-11T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49505
published_at 2026-04-09T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49509
published_at 2026-04-08T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49454
published_at 2026-04-07T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49502
published_at 2026-04-04T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49475
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28219
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
8
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28219
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28219
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2272563
reference_id 2272563
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2272563
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
reference_id 4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
14
reference_url https://github.com/advisories/GHSA-44wm-f244-xhp3
reference_id GHSA-44wm-f244-xhp3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44wm-f244-xhp3
15
reference_url https://security.gentoo.org/glsa/202411-07
reference_id GLSA-202411-07
reference_type
scores
url https://security.gentoo.org/glsa/202411-07
16
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
17
reference_url https://access.redhat.com/errata/RHSA-2024:4227
reference_id RHSA-2024:4227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4227
18
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
19
reference_url https://usn.ubuntu.com/6744-1/
reference_id USN-6744-1
reference_type
scores
url https://usn.ubuntu.com/6744-1/
20
reference_url https://usn.ubuntu.com/6744-2/
reference_id USN-6744-2
reference_type
scores
url https://usn.ubuntu.com/6744-2/
21
reference_url https://usn.ubuntu.com/6744-3/
reference_id USN-6744-3
reference_type
scores
url https://usn.ubuntu.com/6744-3/
fixed_packages
0
url pkg:pypi/pillow@10.3.0
purl pkg:pypi/pillow@10.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-67yw-ej31-8ub1
1
vulnerability VCID-ca8h-871t-t3dd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.3.0
aliases CVE-2024-28219, GHSA-44wm-f244-xhp3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64n5-pugj-vue8
7
url VCID-9ckw-ra54-z3b7
vulnerability_id VCID-9ckw-ra54-z3b7
summary 
Arbitrary Code Execution in Pillow
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50447
reference_id
reference_type
scores
0
value 0.00713
scoring_system epss
scoring_elements 0.72354
published_at 2026-04-21T12:55:00Z
1
value 0.00754
scoring_system epss
scoring_elements 0.73261
published_at 2026-04-16T12:55:00Z
2
value 0.00754
scoring_system epss
scoring_elements 0.73218
published_at 2026-04-13T12:55:00Z
3
value 0.00754
scoring_system epss
scoring_elements 0.73225
published_at 2026-04-12T12:55:00Z
4
value 0.00754
scoring_system epss
scoring_elements 0.73244
published_at 2026-04-11T12:55:00Z
5
value 0.00754
scoring_system epss
scoring_elements 0.73219
published_at 2026-04-09T12:55:00Z
6
value 0.00754
scoring_system epss
scoring_elements 0.7327
published_at 2026-04-18T12:55:00Z
7
value 0.00775
scoring_system epss
scoring_elements 0.73555
published_at 2026-04-02T12:55:00Z
8
value 0.00775
scoring_system epss
scoring_elements 0.73586
published_at 2026-04-08T12:55:00Z
9
value 0.00775
scoring_system epss
scoring_elements 0.7355
published_at 2026-04-07T12:55:00Z
10
value 0.00775
scoring_system epss
scoring_elements 0.73578
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50447
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2023-50447
6
reference_url https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
7
reference_url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
10
reference_url https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
11
reference_url https://github.com/python-pillow/Pillow/releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://github.com/python-pillow/Pillow/releases
12
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50447
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
15
reference_url http://www.openwall.com/lists/oss-security/2024/01/20/1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url http://www.openwall.com/lists/oss-security/2024/01/20/1
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
reference_id 1061172
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
17
reference_url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
reference_id 2024-01-02-CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259479
reference_id 2259479
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259479
19
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
reference_id CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
20
reference_url https://github.com/advisories/GHSA-3f63-hfp8-52jq
reference_id GHSA-3f63-hfp8-52jq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f63-hfp8-52jq
21
reference_url https://security.gentoo.org/glsa/202405-12
reference_id GLSA-202405-12
reference_type
scores
url https://security.gentoo.org/glsa/202405-12
22
reference_url https://access.redhat.com/errata/RHSA-2024:0754
reference_id RHSA-2024:0754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0754
23
reference_url https://access.redhat.com/errata/RHSA-2024:0857
reference_id RHSA-2024:0857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0857
24
reference_url https://access.redhat.com/errata/RHSA-2024:0893
reference_id RHSA-2024:0893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0893
25
reference_url https://access.redhat.com/errata/RHSA-2024:1058
reference_id RHSA-2024:1058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1058
26
reference_url https://access.redhat.com/errata/RHSA-2024:1059
reference_id RHSA-2024:1059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1059
27
reference_url https://access.redhat.com/errata/RHSA-2024:1060
reference_id RHSA-2024:1060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1060
28
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
29
reference_url https://usn.ubuntu.com/6618-1/
reference_id USN-6618-1
reference_type
scores
url https://usn.ubuntu.com/6618-1/
30
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@10.2.0
purl pkg:pypi/pillow@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.2.0
aliases CVE-2023-50447, GHSA-3f63-hfp8-52jq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ckw-ra54-z3b7
8
url VCID-aubw-tsmn-ffcq
vulnerability_id VCID-aubw-tsmn-ffcq
summary An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28677
reference_id
reference_type
scores
0
value 0.00263
scoring_system epss
scoring_elements 0.49763
published_at 2026-04-18T12:55:00Z
1
value 0.00263
scoring_system epss
scoring_elements 0.49716
published_at 2026-04-13T12:55:00Z
2
value 0.00263
scoring_system epss
scoring_elements 0.49715
published_at 2026-04-12T12:55:00Z
3
value 0.00263
scoring_system epss
scoring_elements 0.49743
published_at 2026-04-11T12:55:00Z
4
value 0.00263
scoring_system epss
scoring_elements 0.49731
published_at 2026-04-08T12:55:00Z
5
value 0.00263
scoring_system epss
scoring_elements 0.49676
published_at 2026-04-07T12:55:00Z
6
value 0.00263
scoring_system epss
scoring_elements 0.49726
published_at 2026-04-09T12:55:00Z
7
value 0.00263
scoring_system epss
scoring_elements 0.49698
published_at 2026-04-02T12:55:00Z
8
value 0.00263
scoring_system epss
scoring_elements 0.49667
published_at 2026-04-01T12:55:00Z
9
value 0.00271
scoring_system epss
scoring_elements 0.5057
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28677
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
8
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28677
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
14
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958257
reference_id 1958257
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958257
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
17
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
18
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
19
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28677, CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aubw-tsmn-ffcq
9
url VCID-brp2-dtrf-jyfr
vulnerability_id VCID-brp2-dtrf-jyfr
summary Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24303
reference_id
reference_type
scores
0
value 0.01428
scoring_system epss
scoring_elements 0.8067
published_at 2026-04-21T12:55:00Z
1
value 0.01428
scoring_system epss
scoring_elements 0.80668
published_at 2026-04-18T12:55:00Z
2
value 0.01428
scoring_system epss
scoring_elements 0.80666
published_at 2026-04-16T12:55:00Z
3
value 0.01428
scoring_system epss
scoring_elements 0.80637
published_at 2026-04-13T12:55:00Z
4
value 0.01428
scoring_system epss
scoring_elements 0.80645
published_at 2026-04-12T12:55:00Z
5
value 0.01428
scoring_system epss
scoring_elements 0.80658
published_at 2026-04-11T12:55:00Z
6
value 0.01428
scoring_system epss
scoring_elements 0.80642
published_at 2026-04-09T12:55:00Z
7
value 0.01428
scoring_system epss
scoring_elements 0.80632
published_at 2026-04-08T12:55:00Z
8
value 0.01428
scoring_system epss
scoring_elements 0.80605
published_at 2026-04-07T12:55:00Z
9
value 0.01428
scoring_system epss
scoring_elements 0.80612
published_at 2026-04-04T12:55:00Z
10
value 0.01428
scoring_system epss
scoring_elements 0.8059
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24303
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-9j59-75qj-795w
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9j59-75qj-795w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
8
reference_url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
9
reference_url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
10
reference_url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
11
reference_url https://github.com/python-pillow/Pillow/pull/3450
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/3450
12
reference_url https://github.com/python-pillow/Pillow/pull/6010
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6010
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
16
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2052682
reference_id 2052682
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2052682
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
reference_id CVE-2022-24303
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
19
reference_url https://usn.ubuntu.com/5777-1/
reference_id USN-5777-1
reference_type
scores
url https://usn.ubuntu.com/5777-1/
20
reference_url https://usn.ubuntu.com/USN-5777-2/
reference_id USN-USN-5777-2
reference_type
scores
url https://usn.ubuntu.com/USN-5777-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-24303, CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brp2-dtrf-jyfr
10
url VCID-d7uf-zdbv-sba1
vulnerability_id VCID-d7uf-zdbv-sba1
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
1
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
2
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
5
reference_url https://github.com/advisories/GHSA-56pw-mpj4-fxww
reference_id GHSA-56pw-mpj4-fxww
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56pw-mpj4-fxww
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases GHSA-56pw-mpj4-fxww, GMS-2023-3137
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7uf-zdbv-sba1
11
url VCID-df4x-jt3h-17hx
vulnerability_id VCID-df4x-jt3h-17hx
summary path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22816
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.3348
published_at 2026-04-21T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33514
published_at 2026-04-18T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.33537
published_at 2026-04-16T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33656
published_at 2026-04-04T12:55:00Z
4
value 0.00137
scoring_system epss
scoring_elements 0.33623
published_at 2026-04-02T12:55:00Z
5
value 0.00137
scoring_system epss
scoring_elements 0.33501
published_at 2026-04-13T12:55:00Z
6
value 0.00137
scoring_system epss
scoring_elements 0.33525
published_at 2026-04-12T12:55:00Z
7
value 0.00137
scoring_system epss
scoring_elements 0.33567
published_at 2026-04-11T12:55:00Z
8
value 0.00137
scoring_system epss
scoring_elements 0.33573
published_at 2026-04-09T12:55:00Z
9
value 0.00137
scoring_system epss
scoring_elements 0.33539
published_at 2026-04-08T12:55:00Z
10
value 0.00137
scoring_system epss
scoring_elements 0.33495
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22816
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
10
reference_url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
11
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5920
12
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042522
reference_id 2042522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042522
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
reference_id CVE-2022-22816
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases BIT-pillow-2022-22816, CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df4x-jt3h-17hx
12
url VCID-dpc3-td9q-dyee
vulnerability_id VCID-dpc3-td9q-dyee
summary path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22815
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26277
published_at 2026-04-21T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26314
published_at 2026-04-18T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.2634
published_at 2026-04-16T12:55:00Z
3
value 0.00095
scoring_system epss
scoring_elements 0.26332
published_at 2026-04-13T12:55:00Z
4
value 0.00095
scoring_system epss
scoring_elements 0.2639
published_at 2026-04-12T12:55:00Z
5
value 0.00095
scoring_system epss
scoring_elements 0.26436
published_at 2026-04-11T12:55:00Z
6
value 0.00095
scoring_system epss
scoring_elements 0.26428
published_at 2026-04-09T12:55:00Z
7
value 0.00095
scoring_system epss
scoring_elements 0.26377
published_at 2026-04-08T12:55:00Z
8
value 0.00095
scoring_system epss
scoring_elements 0.2631
published_at 2026-04-07T12:55:00Z
9
value 0.00095
scoring_system epss
scoring_elements 0.26529
published_at 2026-04-04T12:55:00Z
10
value 0.00095
scoring_system epss
scoring_elements 0.26486
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
10
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
11
reference_url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
12
reference_url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
13
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5920
14
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
16
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5053
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042511
reference_id 2042511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042511
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
reference_id CVE-2022-22815
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
21
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases BIT-pillow-2022-22815, CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpc3-td9q-dyee
13
url VCID-g46h-p8jk-cuhc
vulnerability_id VCID-g46h-p8jk-cuhc
summary 
Infinite loop in Pillow
JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.

If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file.
references
0
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
1
reference_url https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
2
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
3
reference_url https://github.com/advisories/GHSA-4fx9-vc88-q2xc
reference_id GHSA-4fx9-vc88-q2xc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fx9-vc88-q2xc
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases GHSA-4fx9-vc88-q2xc, GMS-2022-347
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g46h-p8jk-cuhc
14
url VCID-gvjw-funa-sqak
vulnerability_id VCID-gvjw-funa-sqak
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27923
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61835
published_at 2026-04-07T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61885
published_at 2026-04-08T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61759
published_at 2026-04-01T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61833
published_at 2026-04-02T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61864
published_at 2026-04-04T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61937
published_at 2026-04-18T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.61933
published_at 2026-04-16T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.61889
published_at 2026-04-13T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.61909
published_at 2026-04-12T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61921
published_at 2026-04-11T12:55:00Z
10
value 0.00419
scoring_system epss
scoring_elements 0.619
published_at 2026-04-09T12:55:00Z
11
value 0.00425
scoring_system epss
scoring_elements 0.62258
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27923
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935401
reference_id 1935401
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935401
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27923, CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvjw-funa-sqak
15
url VCID-n1hp-atex-ubh4
vulnerability_id VCID-n1hp-atex-ubh4
summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44271
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44438
published_at 2026-04-18T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44447
published_at 2026-04-16T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44392
published_at 2026-04-12T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44391
published_at 2026-04-13T12:55:00Z
4
value 0.00218
scoring_system epss
scoring_elements 0.44406
published_at 2026-04-09T12:55:00Z
5
value 0.00218
scoring_system epss
scoring_elements 0.44399
published_at 2026-04-08T12:55:00Z
6
value 0.00218
scoring_system epss
scoring_elements 0.44347
published_at 2026-04-07T12:55:00Z
7
value 0.00218
scoring_system epss
scoring_elements 0.44413
published_at 2026-04-04T12:55:00Z
8
value 0.00218
scoring_system epss
scoring_elements 0.44423
published_at 2026-04-11T12:55:00Z
9
value 0.00224
scoring_system epss
scoring_elements 0.45083
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44271
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
10
reference_url https://github.com/python-pillow/Pillow/pull/7244
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/7244
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2247820
reference_id 2247820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2247820
14
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
16
reference_url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id GHSA-8ghj-p4vj-mr35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
17
reference_url https://security.gentoo.org/glsa/202405-12
reference_id GLSA-202405-12
reference_type
scores
url https://security.gentoo.org/glsa/202405-12
18
reference_url https://access.redhat.com/errata/RHSA-2024:0345
reference_id RHSA-2024:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0345
19
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
20
reference_url https://access.redhat.com/errata/RHSA-2024:3005
reference_id RHSA-2024:3005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3005
21
reference_url https://usn.ubuntu.com/6618-1/
reference_id USN-6618-1
reference_type
scores
url https://usn.ubuntu.com/6618-1/
22
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@10.0.0
purl pkg:pypi/pillow@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5rv4-k1q9-zue2
1
vulnerability VCID-64n5-pugj-vue8
2
vulnerability VCID-9ckw-ra54-z3b7
3
vulnerability VCID-d7uf-zdbv-sba1
4
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0
aliases BIT-pillow-2023-44271, CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1hp-atex-ubh4
16
url VCID-n1w5-f5p7-xuhb
vulnerability_id VCID-n1w5-f5p7-xuhb
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25287
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57007
published_at 2026-04-18T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.5701
published_at 2026-04-16T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.56981
published_at 2026-04-13T12:55:00Z
3
value 0.00343
scoring_system epss
scoring_elements 0.57005
published_at 2026-04-12T12:55:00Z
4
value 0.00343
scoring_system epss
scoring_elements 0.57025
published_at 2026-04-11T12:55:00Z
5
value 0.00343
scoring_system epss
scoring_elements 0.57014
published_at 2026-04-09T12:55:00Z
6
value 0.00343
scoring_system epss
scoring_elements 0.57011
published_at 2026-04-08T12:55:00Z
7
value 0.00343
scoring_system epss
scoring_elements 0.56963
published_at 2026-04-02T12:55:00Z
8
value 0.00343
scoring_system epss
scoring_elements 0.56961
published_at 2026-04-07T12:55:00Z
9
value 0.00343
scoring_system epss
scoring_elements 0.56985
published_at 2026-04-04T12:55:00Z
10
value 0.00343
scoring_system epss
scoring_elements 0.56866
published_at 2026-04-01T12:55:00Z
11
value 0.00353
scoring_system epss
scoring_elements 0.57699
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
8
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
9
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25287
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25287
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
14
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958226
reference_id 1958226
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958226
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
17
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
18
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
19
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25287, CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1w5-f5p7-xuhb
17
url VCID-q4bb-qnxe-8bfa
vulnerability_id VCID-q4bb-qnxe-8bfa
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
reference_id
reference_type
scores
0
value 0.02781
scoring_system epss
scoring_elements 0.86079
published_at 2026-04-21T12:55:00Z
1
value 0.02781
scoring_system epss
scoring_elements 0.86086
published_at 2026-04-18T12:55:00Z
2
value 0.02781
scoring_system epss
scoring_elements 0.86081
published_at 2026-04-16T12:55:00Z
3
value 0.02781
scoring_system epss
scoring_elements 0.86064
published_at 2026-04-13T12:55:00Z
4
value 0.02781
scoring_system epss
scoring_elements 0.86068
published_at 2026-04-12T12:55:00Z
5
value 0.02781
scoring_system epss
scoring_elements 0.86071
published_at 2026-04-11T12:55:00Z
6
value 0.02781
scoring_system epss
scoring_elements 0.86057
published_at 2026-04-09T12:55:00Z
7
value 0.02781
scoring_system epss
scoring_elements 0.86047
published_at 2026-04-08T12:55:00Z
8
value 0.02781
scoring_system epss
scoring_elements 0.86027
published_at 2026-04-07T12:55:00Z
9
value 0.02781
scoring_system epss
scoring_elements 0.86028
published_at 2026-04-04T12:55:00Z
10
value 0.02781
scoring_system epss
scoring_elements 0.86011
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
10
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
reference_id 2042527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
25
reference_url https://usn.ubuntu.com/5227-3/
reference_id USN-5227-3
reference_type
scores
url https://usn.ubuntu.com/5227-3/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
1
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-22817, CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4bb-qnxe-8bfa
18
url VCID-ue18-zzau-x7hy
vulnerability_id VCID-ue18-zzau-x7hy
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25288
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50231
published_at 2026-04-18T12:55:00Z
1
value 0.00267
scoring_system epss
scoring_elements 0.5023
published_at 2026-04-16T12:55:00Z
2
value 0.00267
scoring_system epss
scoring_elements 0.50186
published_at 2026-04-13T12:55:00Z
3
value 0.00267
scoring_system epss
scoring_elements 0.50224
published_at 2026-04-11T12:55:00Z
4
value 0.00267
scoring_system epss
scoring_elements 0.50196
published_at 2026-04-09T12:55:00Z
5
value 0.00267
scoring_system epss
scoring_elements 0.50203
published_at 2026-04-08T12:55:00Z
6
value 0.00267
scoring_system epss
scoring_elements 0.50149
published_at 2026-04-07T12:55:00Z
7
value 0.00267
scoring_system epss
scoring_elements 0.50125
published_at 2026-04-01T12:55:00Z
8
value 0.00267
scoring_system epss
scoring_elements 0.50198
published_at 2026-04-12T12:55:00Z
9
value 0.00267
scoring_system epss
scoring_elements 0.50171
published_at 2026-04-02T12:55:00Z
10
value 0.00274
scoring_system epss
scoring_elements 0.50917
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25288
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-rwv7-3v45-hg29
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rwv7-3v45-hg29
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
8
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25288
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25288
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
13
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958231
reference_id 1958231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958231
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
18
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25288, CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ue18-zzau-x7hy
19
url VCID-vdzj-kqfy-d3b7
vulnerability_id VCID-vdzj-kqfy-d3b7
summary 
libwebp: OOB write in BuildHuffmanTable
Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
1
reference_url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
2
reference_url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4863
reference_id
reference_type
scores
0
value 0.93606
scoring_system epss
scoring_elements 0.99837
published_at 2026-04-18T12:55:00Z
1
value 0.93606
scoring_system epss
scoring_elements 0.99835
published_at 2026-04-07T12:55:00Z
2
value 0.93606
scoring_system epss
scoring_elements 0.99836
published_at 2026-04-13T12:55:00Z
3
value 0.94083
scoring_system epss
scoring_elements 0.99905
published_at 2026-04-12T12:55:00Z
4
value 0.94117
scoring_system epss
scoring_elements 0.99911
published_at 2026-04-21T12:55:00Z
5
value 0.94117
scoring_system epss
scoring_elements 0.99909
published_at 2026-04-04T12:55:00Z
6
value 0.94117
scoring_system epss
scoring_elements 0.9991
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4863
4
reference_url https://blog.isosceles.com/the-webp-0day
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.isosceles.com/the-webp-0day
5
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1215231
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://bugzilla.suse.com/show_bug.cgi?id=1215231
6
reference_url https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
7
reference_url https://crbug.com/1479274
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://crbug.com/1479274
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
9
reference_url https://en.bandisoft.com/honeyview/history
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://en.bandisoft.com/honeyview/history
10
reference_url https://en.bandisoft.com/honeyview/history/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://en.bandisoft.com/honeyview/history/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
13
reference_url https://github.com/electron/electron/pull/39823
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39823
14
reference_url https://github.com/electron/electron/pull/39825
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39825
15
reference_url https://github.com/electron/electron/pull/39826
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39826
16
reference_url https://github.com/electron/electron/pull/39827
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39827
17
reference_url https://github.com/electron/electron/pull/39828
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39828
18
reference_url https://github.com/ImageMagick/ImageMagick/discussions/6664
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/discussions/6664
19
reference_url https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
20
reference_url https://github.com/jaredforth/webp/pull/30
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jaredforth/webp/pull/30
21
reference_url https://github.com/python-pillow/Pillow/pull/7395
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/7395
22
reference_url https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
23
reference_url https://github.com/qnighy/libwebp-sys2-rs/pull/21
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/qnighy/libwebp-sys2-rs/pull/21
24
reference_url https://github.com/webmproject/libwebp
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/webmproject/libwebp
25
reference_url https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
26
reference_url https://github.com/webmproject/libwebp/releases/tag/v1.3.2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://github.com/webmproject/libwebp/releases/tag/v1.3.2
27
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
28
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
29
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
42
reference_url https://news.ycombinator.com/item?id=37478403
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://news.ycombinator.com/item?id=37478403
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
44
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
45
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0060.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0060.html
46
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0061.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0061.html
47
reference_url https://security.gentoo.org/glsa/202309-05
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.gentoo.org/glsa/202309-05
48
reference_url https://security.gentoo.org/glsa/202401-10
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.gentoo.org/glsa/202401-10
49
reference_url https://security.netapp.com/advisory/ntap-20230929-0011
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230929-0011
50
reference_url https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
51
reference_url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
52
reference_url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
53
reference_url https://www.bentley.com/advisories/be-2023-0001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bentley.com/advisories/be-2023-0001
54
reference_url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
55
reference_url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
56
reference_url https://www.debian.org/security/2023/dsa-5496
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5496
57
reference_url https://www.debian.org/security/2023/dsa-5497
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5497
58
reference_url https://www.debian.org/security/2023/dsa-5498
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5498
59
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value critical
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
60
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
61
reference_url https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
62
reference_url http://www.openwall.com/lists/oss-security/2023/09/21/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/21/4
63
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/1
64
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/3
65
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/4
66
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/5
67
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/6
68
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/7
69
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/8
70
reference_url http://www.openwall.com/lists/oss-security/2023/09/26/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/26/1
71
reference_url http://www.openwall.com/lists/oss-security/2023/09/26/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/26/7
72
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/1
73
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/2
74
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/4
75
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
reference_id 1051787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
76
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2238431
reference_id 2238431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2238431
77
reference_url https://www.bentley.com/advisories/be-2023-0001/
reference_id be-2023-0001
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.bentley.com/advisories/be-2023-0001/
78
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
reference_id CVE-2023-4863
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
79
reference_url https://security-tracker.debian.org/tracker/CVE-2023-4863
reference_id CVE-2023-4863
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security-tracker.debian.org/tracker/CVE-2023-4863
80
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
reference_id KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
81
reference_url https://security.netapp.com/advisory/ntap-20230929-0011/
reference_id ntap-20230929-0011
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.netapp.com/advisory/ntap-20230929-0011/
82
reference_url https://access.redhat.com/errata/RHSA-2023:5183
reference_id RHSA-2023:5183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5183
83
reference_url https://access.redhat.com/errata/RHSA-2023:5184
reference_id RHSA-2023:5184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5184
84
reference_url https://access.redhat.com/errata/RHSA-2023:5185
reference_id RHSA-2023:5185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5185
85
reference_url https://access.redhat.com/errata/RHSA-2023:5186
reference_id RHSA-2023:5186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5186
86
reference_url https://access.redhat.com/errata/RHSA-2023:5187
reference_id RHSA-2023:5187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5187
87
reference_url https://access.redhat.com/errata/RHSA-2023:5188
reference_id RHSA-2023:5188
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5188
88
reference_url https://access.redhat.com/errata/RHSA-2023:5189
reference_id RHSA-2023:5189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5189
89
reference_url https://access.redhat.com/errata/RHSA-2023:5190
reference_id RHSA-2023:5190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5190
90
reference_url https://access.redhat.com/errata/RHSA-2023:5191
reference_id RHSA-2023:5191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5191
91
reference_url https://access.redhat.com/errata/RHSA-2023:5192
reference_id RHSA-2023:5192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5192
92
reference_url https://access.redhat.com/errata/RHSA-2023:5197
reference_id RHSA-2023:5197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5197
93
reference_url https://access.redhat.com/errata/RHSA-2023:5198
reference_id RHSA-2023:5198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5198
94
reference_url https://access.redhat.com/errata/RHSA-2023:5200
reference_id RHSA-2023:5200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5200
95
reference_url https://access.redhat.com/errata/RHSA-2023:5201
reference_id RHSA-2023:5201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5201
96
reference_url https://access.redhat.com/errata/RHSA-2023:5202
reference_id RHSA-2023:5202
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5202
97
reference_url https://access.redhat.com/errata/RHSA-2023:5204
reference_id RHSA-2023:5204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5204
98
reference_url https://access.redhat.com/errata/RHSA-2023:5205
reference_id RHSA-2023:5205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5205
99
reference_url https://access.redhat.com/errata/RHSA-2023:5214
reference_id RHSA-2023:5214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5214
100
reference_url https://access.redhat.com/errata/RHSA-2023:5222
reference_id RHSA-2023:5222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5222
101
reference_url https://access.redhat.com/errata/RHSA-2023:5223
reference_id RHSA-2023:5223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5223
102
reference_url https://access.redhat.com/errata/RHSA-2023:5224
reference_id RHSA-2023:5224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5224
103
reference_url https://access.redhat.com/errata/RHSA-2023:5236
reference_id RHSA-2023:5236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5236
104
reference_url https://access.redhat.com/errata/RHSA-2023:5309
reference_id RHSA-2023:5309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5309
105
reference_url https://usn.ubuntu.com/6367-1/
reference_id USN-6367-1
reference_type
scores
url https://usn.ubuntu.com/6367-1/
106
reference_url https://usn.ubuntu.com/6368-1/
reference_id USN-6368-1
reference_type
scores
url https://usn.ubuntu.com/6368-1/
107
reference_url https://usn.ubuntu.com/6369-1/
reference_id USN-6369-1
reference_type
scores
url https://usn.ubuntu.com/6369-1/
108
reference_url https://usn.ubuntu.com/6369-2/
reference_id USN-6369-2
reference_type
scores
url https://usn.ubuntu.com/6369-2/
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases CVE-2023-4863, GHSA-j7hp-h8jx-5ppr
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdzj-kqfy-d3b7
20
url VCID-vwbu-ruxm-tbh4
vulnerability_id VCID-vwbu-ruxm-tbh4
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25291
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.67398
published_at 2026-04-01T12:55:00Z
1
value 0.00536
scoring_system epss
scoring_elements 0.67503
published_at 2026-04-21T12:55:00Z
2
value 0.00536
scoring_system epss
scoring_elements 0.67524
published_at 2026-04-18T12:55:00Z
3
value 0.00536
scoring_system epss
scoring_elements 0.67512
published_at 2026-04-16T12:55:00Z
4
value 0.00536
scoring_system epss
scoring_elements 0.67476
published_at 2026-04-13T12:55:00Z
5
value 0.00536
scoring_system epss
scoring_elements 0.6751
published_at 2026-04-12T12:55:00Z
6
value 0.00536
scoring_system epss
scoring_elements 0.67523
published_at 2026-04-11T12:55:00Z
7
value 0.00536
scoring_system epss
scoring_elements 0.675
published_at 2026-04-09T12:55:00Z
8
value 0.00536
scoring_system epss
scoring_elements 0.67486
published_at 2026-04-08T12:55:00Z
9
value 0.00536
scoring_system epss
scoring_elements 0.67455
published_at 2026-04-04T12:55:00Z
10
value 0.00536
scoring_system epss
scoring_elements 0.67434
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25291
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-mvg9-xffr-p774
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mvg9-xffr-p774
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
8
reference_url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934692
reference_id 1934692
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934692
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25291, CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwbu-ruxm-tbh4
21
url VCID-vyzt-df2u-h3cc
vulnerability_id VCID-vyzt-df2u-h3cc
summary An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28678
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.29345
published_at 2026-04-21T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.2939
published_at 2026-04-18T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.29417
published_at 2026-04-16T12:55:00Z
3
value 0.0011
scoring_system epss
scoring_elements 0.29397
published_at 2026-04-13T12:55:00Z
4
value 0.0011
scoring_system epss
scoring_elements 0.29449
published_at 2026-04-12T12:55:00Z
5
value 0.0011
scoring_system epss
scoring_elements 0.29494
published_at 2026-04-11T12:55:00Z
6
value 0.0011
scoring_system epss
scoring_elements 0.29453
published_at 2026-04-01T12:55:00Z
7
value 0.0011
scoring_system epss
scoring_elements 0.29492
published_at 2026-04-09T12:55:00Z
8
value 0.0011
scoring_system epss
scoring_elements 0.29451
published_at 2026-04-08T12:55:00Z
9
value 0.0011
scoring_system epss
scoring_elements 0.29388
published_at 2026-04-07T12:55:00Z
10
value 0.0011
scoring_system epss
scoring_elements 0.29567
published_at 2026-04-04T12:55:00Z
11
value 0.0011
scoring_system epss
scoring_elements 0.29518
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28678
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
8
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28678
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28678
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
13
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958263
reference_id 1958263
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958263
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28678, CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyzt-df2u-h3cc
22
url VCID-w9uy-fnpm-cbak
vulnerability_id VCID-w9uy-fnpm-cbak
summary Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34552
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56536
published_at 2026-04-21T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.56566
published_at 2026-04-18T12:55:00Z
2
value 0.00337
scoring_system epss
scoring_elements 0.56532
published_at 2026-04-13T12:55:00Z
3
value 0.00337
scoring_system epss
scoring_elements 0.56551
published_at 2026-04-12T12:55:00Z
4
value 0.00337
scoring_system epss
scoring_elements 0.56575
published_at 2026-04-11T12:55:00Z
5
value 0.00337
scoring_system epss
scoring_elements 0.56565
published_at 2026-04-16T12:55:00Z
6
value 0.00337
scoring_system epss
scoring_elements 0.5656
published_at 2026-04-08T12:55:00Z
7
value 0.00337
scoring_system epss
scoring_elements 0.5651
published_at 2026-04-07T12:55:00Z
8
value 0.00337
scoring_system epss
scoring_elements 0.5653
published_at 2026-04-04T12:55:00Z
9
value 0.00337
scoring_system epss
scoring_elements 0.56508
published_at 2026-04-02T12:55:00Z
10
value 0.00337
scoring_system epss
scoring_elements 0.5641
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34552
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-7534-mm45-c74v
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7534-mm45-c74v
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
8
reference_url https://github.com/python-pillow/Pillow/pull/5567
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5567
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
16
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1982378
reference_id 1982378
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1982378
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991293
reference_id 991293
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991293
19
reference_url https://security.archlinux.org/ASA-202107-26
reference_id ASA-202107-26
reference_type
scores
url https://security.archlinux.org/ASA-202107-26
20
reference_url https://security.archlinux.org/AVG-2150
reference_id AVG-2150
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2150
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
reference_id CVE-2021-34552
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
22
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
23
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
24
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
25
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@8.3.0
purl pkg:pypi/pillow@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.0
aliases BIT-pillow-2021-34552, CVE-2021-34552, GHSA-7534-mm45-c74v, PYSEC-2021-331
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9uy-fnpm-cbak
23
url VCID-xesd-d294-7fcx
vulnerability_id VCID-xesd-d294-7fcx
summary An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28676
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58516
published_at 2026-04-01T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58665
published_at 2026-04-18T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.5866
published_at 2026-04-16T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58627
published_at 2026-04-13T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58647
published_at 2026-04-12T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58666
published_at 2026-04-11T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-09T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58642
published_at 2026-04-08T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.5859
published_at 2026-04-07T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58621
published_at 2026-04-04T12:55:00Z
10
value 0.00366
scoring_system epss
scoring_elements 0.586
published_at 2026-04-02T12:55:00Z
11
value 0.00377
scoring_system epss
scoring_elements 0.59261
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28676
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-7r7m-5h27-29hp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7r7m-5h27-29hp
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
8
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28676
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28676
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
15
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958252
reference_id 1958252
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958252
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
18
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
19
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
20
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28676, CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xesd-d294-7fcx
Fixing_vulnerabilities
0
url VCID-3qb5-8p8w-gkad
vulnerability_id VCID-3qb5-8p8w-gkad
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27921
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61759
published_at 2026-04-01T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61937
published_at 2026-04-18T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61933
published_at 2026-04-16T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61889
published_at 2026-04-13T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61909
published_at 2026-04-12T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61921
published_at 2026-04-11T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.619
published_at 2026-04-09T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.61885
published_at 2026-04-08T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.61835
published_at 2026-04-07T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61864
published_at 2026-04-04T12:55:00Z
10
value 0.00419
scoring_system epss
scoring_elements 0.61833
published_at 2026-04-02T12:55:00Z
11
value 0.00425
scoring_system epss
scoring_elements 0.62258
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27921
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935384
reference_id 1935384
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935384
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27921, CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qb5-8p8w-gkad
1
url VCID-53ac-ceq4-qkhf
vulnerability_id VCID-53ac-ceq4-qkhf
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27922
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34909
published_at 2026-04-02T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34859
published_at 2026-04-08T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34701
published_at 2026-04-01T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34814
published_at 2026-04-07T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34936
published_at 2026-04-04T12:55:00Z
5
value 0.00145
scoring_system epss
scoring_elements 0.34853
published_at 2026-04-18T12:55:00Z
6
value 0.00145
scoring_system epss
scoring_elements 0.34869
published_at 2026-04-16T12:55:00Z
7
value 0.00145
scoring_system epss
scoring_elements 0.3483
published_at 2026-04-13T12:55:00Z
8
value 0.00145
scoring_system epss
scoring_elements 0.34854
published_at 2026-04-12T12:55:00Z
9
value 0.00145
scoring_system epss
scoring_elements 0.34891
published_at 2026-04-11T12:55:00Z
10
value 0.00145
scoring_system epss
scoring_elements 0.34887
published_at 2026-04-09T12:55:00Z
11
value 0.00315
scoring_system epss
scoring_elements 0.54591
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27922
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935396
reference_id 1935396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935396
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27922, CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53ac-ceq4-qkhf
2
url VCID-en6t-uxtq-bfek
vulnerability_id VCID-en6t-uxtq-bfek
summary An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25289.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25289.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25289
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42926
published_at 2026-04-01T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.43036
published_at 2026-04-18T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.43048
published_at 2026-04-16T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42988
published_at 2026-04-13T12:55:00Z
4
value 0.00206
scoring_system epss
scoring_elements 0.43005
published_at 2026-04-12T12:55:00Z
5
value 0.00206
scoring_system epss
scoring_elements 0.4304
published_at 2026-04-11T12:55:00Z
6
value 0.00206
scoring_system epss
scoring_elements 0.43017
published_at 2026-04-09T12:55:00Z
7
value 0.00206
scoring_system epss
scoring_elements 0.43004
published_at 2026-04-08T12:55:00Z
8
value 0.00206
scoring_system epss
scoring_elements 0.42954
published_at 2026-04-07T12:55:00Z
9
value 0.00206
scoring_system epss
scoring_elements 0.43018
published_at 2026-04-04T12:55:00Z
10
value 0.00206
scoring_system epss
scoring_elements 0.4299
published_at 2026-04-02T12:55:00Z
11
value 0.00762
scoring_system epss
scoring_elements 0.73401
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25289
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-57h3-9rgr-c24m
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-57h3-9rgr-c24m
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-35.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-35.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
8
reference_url https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25289
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25289
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934680
reference_id 1934680
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934680
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25289, CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-en6t-uxtq-bfek
3
url VCID-gvjw-funa-sqak
vulnerability_id VCID-gvjw-funa-sqak
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27923
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61835
published_at 2026-04-07T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61885
published_at 2026-04-08T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61759
published_at 2026-04-01T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61833
published_at 2026-04-02T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61864
published_at 2026-04-04T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61937
published_at 2026-04-18T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.61933
published_at 2026-04-16T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.61889
published_at 2026-04-13T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.61909
published_at 2026-04-12T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61921
published_at 2026-04-11T12:55:00Z
10
value 0.00419
scoring_system epss
scoring_elements 0.619
published_at 2026-04-09T12:55:00Z
11
value 0.00425
scoring_system epss
scoring_elements 0.62258
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27923
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935401
reference_id 1935401
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935401
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27923, CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvjw-funa-sqak
4
url VCID-khp6-9hfx-1kge
vulnerability_id VCID-khp6-9hfx-1kge
summary 
Uncontrolled Resource Consumption in pillow
### Impact
_Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large._

### Patches
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._

### Workarounds
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._

### References
https://nvd.nist.gov/vuln/detail/CVE-2021-27921

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [example link to repo](http://example.com)
* Email us at [example email address](mailto:example@example.com)
references
0
reference_url https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
1
reference_url https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
reference_id GHSA-jgpv-4h4c-xhw3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases GHSA-jgpv-4h4c-xhw3, GMS-2021-167
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khp6-9hfx-1kge
5
url VCID-p6r3-puh1-zyg6
vulnerability_id VCID-p6r3-puh1-zyg6
summary An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25293.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25293.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25293
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27731
published_at 2026-04-16T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27723
published_at 2026-04-13T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.2778
published_at 2026-04-12T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27822
published_at 2026-04-11T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27816
published_at 2026-04-09T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27773
published_at 2026-04-08T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27705
published_at 2026-04-18T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27913
published_at 2026-04-04T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.27873
published_at 2026-04-02T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27823
published_at 2026-04-01T12:55:00Z
10
value 0.00169
scoring_system epss
scoring_elements 0.38018
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25293
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-39.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-39.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
8
reference_url https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25293
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25293
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934705
reference_id 1934705
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934705
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
16
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25293, CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6r3-puh1-zyg6
6
url VCID-rncf-9nf8-wud3
vulnerability_id VCID-rncf-9nf8-wud3
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25290.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25290.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25290
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34335
published_at 2026-04-01T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34596
published_at 2026-04-16T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.34558
published_at 2026-04-13T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.34582
published_at 2026-04-18T12:55:00Z
4
value 0.00143
scoring_system epss
scoring_elements 0.34621
published_at 2026-04-11T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.3462
published_at 2026-04-09T12:55:00Z
6
value 0.00143
scoring_system epss
scoring_elements 0.34591
published_at 2026-04-08T12:55:00Z
7
value 0.00143
scoring_system epss
scoring_elements 0.34548
published_at 2026-04-07T12:55:00Z
8
value 0.00143
scoring_system epss
scoring_elements 0.34679
published_at 2026-04-04T12:55:00Z
9
value 0.00143
scoring_system epss
scoring_elements 0.34653
published_at 2026-04-02T12:55:00Z
10
value 0.00247
scoring_system epss
scoring_elements 0.47959
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25290
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-36.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-36.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
8
reference_url https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25290
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25290
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
12
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934685
reference_id 1934685
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934685
14
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
15
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
18
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25290, CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rncf-9nf8-wud3
7
url VCID-vwbu-ruxm-tbh4
vulnerability_id VCID-vwbu-ruxm-tbh4
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25291
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.67398
published_at 2026-04-01T12:55:00Z
1
value 0.00536
scoring_system epss
scoring_elements 0.67503
published_at 2026-04-21T12:55:00Z
2
value 0.00536
scoring_system epss
scoring_elements 0.67524
published_at 2026-04-18T12:55:00Z
3
value 0.00536
scoring_system epss
scoring_elements 0.67512
published_at 2026-04-16T12:55:00Z
4
value 0.00536
scoring_system epss
scoring_elements 0.67476
published_at 2026-04-13T12:55:00Z
5
value 0.00536
scoring_system epss
scoring_elements 0.6751
published_at 2026-04-12T12:55:00Z
6
value 0.00536
scoring_system epss
scoring_elements 0.67523
published_at 2026-04-11T12:55:00Z
7
value 0.00536
scoring_system epss
scoring_elements 0.675
published_at 2026-04-09T12:55:00Z
8
value 0.00536
scoring_system epss
scoring_elements 0.67486
published_at 2026-04-08T12:55:00Z
9
value 0.00536
scoring_system epss
scoring_elements 0.67455
published_at 2026-04-04T12:55:00Z
10
value 0.00536
scoring_system epss
scoring_elements 0.67434
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25291
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-mvg9-xffr-p774
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mvg9-xffr-p774
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
8
reference_url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934692
reference_id 1934692
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934692
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25291, CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwbu-ruxm-tbh4
8
url VCID-vxh1-8rvt-kkak
vulnerability_id VCID-vxh1-8rvt-kkak
summary An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25292.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25292
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.35172
published_at 2026-04-18T12:55:00Z
1
value 0.00147
scoring_system epss
scoring_elements 0.35208
published_at 2026-04-11T12:55:00Z
2
value 0.00147
scoring_system epss
scoring_elements 0.35148
published_at 2026-04-13T12:55:00Z
3
value 0.00147
scoring_system epss
scoring_elements 0.35203
published_at 2026-04-09T12:55:00Z
4
value 0.00147
scoring_system epss
scoring_elements 0.35173
published_at 2026-04-12T12:55:00Z
5
value 0.00147
scoring_system epss
scoring_elements 0.35224
published_at 2026-04-02T12:55:00Z
6
value 0.00147
scoring_system epss
scoring_elements 0.35024
published_at 2026-04-01T12:55:00Z
7
value 0.00147
scoring_system epss
scoring_elements 0.35252
published_at 2026-04-04T12:55:00Z
8
value 0.00147
scoring_system epss
scoring_elements 0.35133
published_at 2026-04-07T12:55:00Z
9
value 0.00147
scoring_system epss
scoring_elements 0.35177
published_at 2026-04-08T12:55:00Z
10
value 0.00147
scoring_system epss
scoring_elements 0.35186
published_at 2026-04-16T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.40129
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25292
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-38.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-38.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
8
reference_url https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
9
reference_url https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25292
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25292
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
12
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934699
reference_id 1934699
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934699
14
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
15
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25292, CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxh1-8rvt-kkak
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1