VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/202720?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/202720?format=api",
    "purl": "pkg:deb/debian/pillow@2.4.0-1?distro=trixie",
    "type": "deb",
    "namespace": "debian",
    "name": "pillow",
    "version": "2.4.0-1",
    "qualifiers": {
        "distro": "trixie"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "2.5.3-1",
    "latest_non_vulnerable_version": "12.2.0-1",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7233?format=api",
            "vulnerability_id": "VCID-4vbr-582f-zyen",
            "summary": "The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.",
            "references": [
                {
                    "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1932",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00098",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26946",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1932"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-22.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-22.yaml"
                },
                {
                    "reference_url": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1932",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1932"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201612-52",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.gentoo.org/glsa/201612-52"
                },
                {
                    "reference_url": "https://web.archive.org/web/20170103151725/http://www.securityfocus.com/bid/65511",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://web.archive.org/web/20170103151725/http://www.securityfocus.com/bid/65511"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/11/1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2014/02/11/1"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/65511",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/65511"
                },
                {
                    "reference_url": "http://www.ubuntu.com/usn/USN-2168-1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.ubuntu.com/usn/USN-2168-1"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/2168-1/",
                    "reference_id": "USN-2168-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/2168-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202720?format=api",
                    "purl": "pkg:deb/debian/pillow@2.4.0-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@2.4.0-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202721?format=api",
                    "purl": "pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202719?format=api",
                    "purl": "pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202723?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-txe7-yuu7-3qhj"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202722?format=api",
                    "purl": "pkg:deb/debian/pillow@12.2.0-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.2.0-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2014-1932",
                "GHSA-x895-2wrm-hvp7",
                "PYSEC-2014-22"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vbr-582f-zyen"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7237?format=api",
            "vulnerability_id": "VCID-g4xk-8bvx-zyhz",
            "summary": "Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.",
            "references": [
                {
                    "reference_url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3007",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.03641",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88046",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3007"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yaml"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3007",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3007"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202720?format=api",
                    "purl": "pkg:deb/debian/pillow@2.4.0-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@2.4.0-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202721?format=api",
                    "purl": "pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202719?format=api",
                    "purl": "pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202723?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-txe7-yuu7-3qhj"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202722?format=api",
                    "purl": "pkg:deb/debian/pillow@12.2.0-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.2.0-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2014-3007",
                "GHSA-8m9x-pxwq-j236",
                "PYSEC-2014-87"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4xk-8bvx-zyhz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7232?format=api",
            "vulnerability_id": "VCID-k2qv-ruzz-t7bg",
            "summary": "The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.",
            "references": [
                {
                    "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1933",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29197",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1933"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-r854-96gq-rfg3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-r854-96gq-rfg3"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-23.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-23.yaml"
                },
                {
                    "reference_url": "https://github.com/python-imaging/Pillow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-imaging/Pillow"
                },
                {
                    "reference_url": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201612-52",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.gentoo.org/glsa/201612-52"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/10/15",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2014/02/10/15"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2014/02/11/1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2014/02/11/1"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/65513",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/65513"
                },
                {
                    "reference_url": "http://www.ubuntu.com/usn/USN-2168-1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.ubuntu.com/usn/USN-2168-1"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1933",
                    "reference_id": "CVE-2014-1933",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1933"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/2168-1/",
                    "reference_id": "USN-2168-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/2168-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202720?format=api",
                    "purl": "pkg:deb/debian/pillow@2.4.0-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@2.4.0-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202721?format=api",
                    "purl": "pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202719?format=api",
                    "purl": "pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202723?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-9x88-j4j1-kfe8"
                        },
                        {
                            "vulnerability": "VCID-txe7-yuu7-3qhj"
                        },
                        {
                            "vulnerability": "VCID-xyx8-qbkp-f7hh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/202722?format=api",
                    "purl": "pkg:deb/debian/pillow@12.2.0-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.2.0-1%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2014-1933",
                "GHSA-r854-96gq-rfg3",
                "PYSEC-2014-23"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2qv-ruzz-t7bg"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@2.4.0-1%3Fdistro=trixie"
}

Package Instance