Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pillow@9.0.0
Typepypi
Namespace
Namepillow
Version9.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.1.1
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-19e1-19hk-duet
vulnerability_id VCID-19e1-19hk-duet
summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45198
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.5136
published_at 2026-04-04T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.5141
published_at 2026-04-21T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.5143
published_at 2026-04-18T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.51422
published_at 2026-04-16T12:55:00Z
4
value 0.0028
scoring_system epss
scoring_elements 0.51379
published_at 2026-04-13T12:55:00Z
5
value 0.0028
scoring_system epss
scoring_elements 0.51393
published_at 2026-04-12T12:55:00Z
6
value 0.0028
scoring_system epss
scoring_elements 0.51414
published_at 2026-04-11T12:55:00Z
7
value 0.0028
scoring_system epss
scoring_elements 0.51371
published_at 2026-04-09T12:55:00Z
8
value 0.0028
scoring_system epss
scoring_elements 0.51373
published_at 2026-04-08T12:55:00Z
9
value 0.0028
scoring_system epss
scoring_elements 0.51319
published_at 2026-04-07T12:55:00Z
10
value 0.00297
scoring_system epss
scoring_elements 0.53076
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45198
1
reference_url https://bugs.gentoo.org/855683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.gentoo.org/855683
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198
3
reference_url https://cwe.mitre.org/data/definitions/409.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwe.mitre.org/data/definitions/409.html
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
8
reference_url https://github.com/python-pillow/Pillow/pull/6402
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6402
9
reference_url https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
10
reference_url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45198
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45198
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
reference_id GHSA-m2vv-5vj5-2hm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
14
reference_url https://usn.ubuntu.com/5777-1/
reference_id USN-5777-1
reference_type
scores
url https://usn.ubuntu.com/5777-1/
15
reference_url https://usn.ubuntu.com/USN-5777-2/
reference_id USN-USN-5777-2
reference_type
scores
url https://usn.ubuntu.com/USN-5777-2/
fixed_packages
0
url pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4n96-uzyf-tud6
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0
aliases BIT-pillow-2022-45198, CVE-2022-45198, GHSA-m2vv-5vj5-2hm7, PYSEC-2022-42979
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19e1-19hk-duet
1
url VCID-5rv4-k1q9-zue2
vulnerability_id VCID-5rv4-k1q9-zue2
summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
references
0
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases PYSEC-2023-175
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rv4-k1q9-zue2
2
url VCID-64n5-pugj-vue8
vulnerability_id VCID-64n5-pugj-vue8
summary 
Pillow buffer overflow vulnerability
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28219
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49512
published_at 2026-04-21T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49541
published_at 2026-04-18T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49543
published_at 2026-04-16T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49496
published_at 2026-04-13T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49494
published_at 2026-04-12T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49522
published_at 2026-04-11T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49505
published_at 2026-04-09T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49509
published_at 2026-04-08T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49454
published_at 2026-04-07T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49502
published_at 2026-04-04T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49475
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28219
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
8
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28219
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28219
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2272563
reference_id 2272563
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2272563
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
reference_id 4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
14
reference_url https://github.com/advisories/GHSA-44wm-f244-xhp3
reference_id GHSA-44wm-f244-xhp3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44wm-f244-xhp3
15
reference_url https://security.gentoo.org/glsa/202411-07
reference_id GLSA-202411-07
reference_type
scores
url https://security.gentoo.org/glsa/202411-07
16
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
17
reference_url https://access.redhat.com/errata/RHSA-2024:4227
reference_id RHSA-2024:4227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4227
18
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
19
reference_url https://usn.ubuntu.com/6744-1/
reference_id USN-6744-1
reference_type
scores
url https://usn.ubuntu.com/6744-1/
20
reference_url https://usn.ubuntu.com/6744-2/
reference_id USN-6744-2
reference_type
scores
url https://usn.ubuntu.com/6744-2/
21
reference_url https://usn.ubuntu.com/6744-3/
reference_id USN-6744-3
reference_type
scores
url https://usn.ubuntu.com/6744-3/
fixed_packages
0
url pkg:pypi/pillow@10.3.0
purl pkg:pypi/pillow@10.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-67yw-ej31-8ub1
1
vulnerability VCID-ca8h-871t-t3dd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.3.0
aliases CVE-2024-28219, GHSA-44wm-f244-xhp3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64n5-pugj-vue8
3
url VCID-9ckw-ra54-z3b7
vulnerability_id VCID-9ckw-ra54-z3b7
summary 
Arbitrary Code Execution in Pillow
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50447
reference_id
reference_type
scores
0
value 0.00713
scoring_system epss
scoring_elements 0.72354
published_at 2026-04-21T12:55:00Z
1
value 0.00754
scoring_system epss
scoring_elements 0.73261
published_at 2026-04-16T12:55:00Z
2
value 0.00754
scoring_system epss
scoring_elements 0.73218
published_at 2026-04-13T12:55:00Z
3
value 0.00754
scoring_system epss
scoring_elements 0.73225
published_at 2026-04-12T12:55:00Z
4
value 0.00754
scoring_system epss
scoring_elements 0.73244
published_at 2026-04-11T12:55:00Z
5
value 0.00754
scoring_system epss
scoring_elements 0.73219
published_at 2026-04-09T12:55:00Z
6
value 0.00754
scoring_system epss
scoring_elements 0.7327
published_at 2026-04-18T12:55:00Z
7
value 0.00775
scoring_system epss
scoring_elements 0.73555
published_at 2026-04-02T12:55:00Z
8
value 0.00775
scoring_system epss
scoring_elements 0.73586
published_at 2026-04-08T12:55:00Z
9
value 0.00775
scoring_system epss
scoring_elements 0.7355
published_at 2026-04-07T12:55:00Z
10
value 0.00775
scoring_system epss
scoring_elements 0.73578
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50447
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2023-50447
6
reference_url https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
7
reference_url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
10
reference_url https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
11
reference_url https://github.com/python-pillow/Pillow/releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://github.com/python-pillow/Pillow/releases
12
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50447
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
15
reference_url http://www.openwall.com/lists/oss-security/2024/01/20/1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url http://www.openwall.com/lists/oss-security/2024/01/20/1
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
reference_id 1061172
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
17
reference_url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
reference_id 2024-01-02-CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259479
reference_id 2259479
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259479
19
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
reference_id CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
20
reference_url https://github.com/advisories/GHSA-3f63-hfp8-52jq
reference_id GHSA-3f63-hfp8-52jq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f63-hfp8-52jq
21
reference_url https://security.gentoo.org/glsa/202405-12
reference_id GLSA-202405-12
reference_type
scores
url https://security.gentoo.org/glsa/202405-12
22
reference_url https://access.redhat.com/errata/RHSA-2024:0754
reference_id RHSA-2024:0754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0754
23
reference_url https://access.redhat.com/errata/RHSA-2024:0857
reference_id RHSA-2024:0857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0857
24
reference_url https://access.redhat.com/errata/RHSA-2024:0893
reference_id RHSA-2024:0893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0893
25
reference_url https://access.redhat.com/errata/RHSA-2024:1058
reference_id RHSA-2024:1058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1058
26
reference_url https://access.redhat.com/errata/RHSA-2024:1059
reference_id RHSA-2024:1059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1059
27
reference_url https://access.redhat.com/errata/RHSA-2024:1060
reference_id RHSA-2024:1060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1060
28
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
29
reference_url https://usn.ubuntu.com/6618-1/
reference_id USN-6618-1
reference_type
scores
url https://usn.ubuntu.com/6618-1/
30
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@10.2.0
purl pkg:pypi/pillow@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.2.0
aliases CVE-2023-50447, GHSA-3f63-hfp8-52jq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ckw-ra54-z3b7
4
url VCID-brp2-dtrf-jyfr
vulnerability_id VCID-brp2-dtrf-jyfr
summary Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24303
reference_id
reference_type
scores
0
value 0.01428
scoring_system epss
scoring_elements 0.8067
published_at 2026-04-21T12:55:00Z
1
value 0.01428
scoring_system epss
scoring_elements 0.80668
published_at 2026-04-18T12:55:00Z
2
value 0.01428
scoring_system epss
scoring_elements 0.80666
published_at 2026-04-16T12:55:00Z
3
value 0.01428
scoring_system epss
scoring_elements 0.80637
published_at 2026-04-13T12:55:00Z
4
value 0.01428
scoring_system epss
scoring_elements 0.80645
published_at 2026-04-12T12:55:00Z
5
value 0.01428
scoring_system epss
scoring_elements 0.80658
published_at 2026-04-11T12:55:00Z
6
value 0.01428
scoring_system epss
scoring_elements 0.80642
published_at 2026-04-09T12:55:00Z
7
value 0.01428
scoring_system epss
scoring_elements 0.80632
published_at 2026-04-08T12:55:00Z
8
value 0.01428
scoring_system epss
scoring_elements 0.80605
published_at 2026-04-07T12:55:00Z
9
value 0.01428
scoring_system epss
scoring_elements 0.80612
published_at 2026-04-04T12:55:00Z
10
value 0.01428
scoring_system epss
scoring_elements 0.8059
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24303
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-9j59-75qj-795w
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9j59-75qj-795w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
8
reference_url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
9
reference_url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
10
reference_url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
11
reference_url https://github.com/python-pillow/Pillow/pull/3450
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/3450
12
reference_url https://github.com/python-pillow/Pillow/pull/6010
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6010
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
16
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2052682
reference_id 2052682
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2052682
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
reference_id CVE-2022-24303
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
19
reference_url https://usn.ubuntu.com/5777-1/
reference_id USN-5777-1
reference_type
scores
url https://usn.ubuntu.com/5777-1/
20
reference_url https://usn.ubuntu.com/USN-5777-2/
reference_id USN-USN-5777-2
reference_type
scores
url https://usn.ubuntu.com/USN-5777-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-24303, CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brp2-dtrf-jyfr
5
url VCID-d7uf-zdbv-sba1
vulnerability_id VCID-d7uf-zdbv-sba1
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
1
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
2
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
5
reference_url https://github.com/advisories/GHSA-56pw-mpj4-fxww
reference_id GHSA-56pw-mpj4-fxww
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56pw-mpj4-fxww
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases GHSA-56pw-mpj4-fxww, GMS-2023-3137
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7uf-zdbv-sba1
6
url VCID-n1hp-atex-ubh4
vulnerability_id VCID-n1hp-atex-ubh4
summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44271
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44438
published_at 2026-04-18T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44447
published_at 2026-04-16T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44392
published_at 2026-04-12T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44391
published_at 2026-04-13T12:55:00Z
4
value 0.00218
scoring_system epss
scoring_elements 0.44406
published_at 2026-04-09T12:55:00Z
5
value 0.00218
scoring_system epss
scoring_elements 0.44399
published_at 2026-04-08T12:55:00Z
6
value 0.00218
scoring_system epss
scoring_elements 0.44347
published_at 2026-04-07T12:55:00Z
7
value 0.00218
scoring_system epss
scoring_elements 0.44413
published_at 2026-04-04T12:55:00Z
8
value 0.00218
scoring_system epss
scoring_elements 0.44423
published_at 2026-04-11T12:55:00Z
9
value 0.00224
scoring_system epss
scoring_elements 0.45083
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44271
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
10
reference_url https://github.com/python-pillow/Pillow/pull/7244
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/7244
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2247820
reference_id 2247820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2247820
14
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
16
reference_url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id GHSA-8ghj-p4vj-mr35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
17
reference_url https://security.gentoo.org/glsa/202405-12
reference_id GLSA-202405-12
reference_type
scores
url https://security.gentoo.org/glsa/202405-12
18
reference_url https://access.redhat.com/errata/RHSA-2024:0345
reference_id RHSA-2024:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0345
19
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
20
reference_url https://access.redhat.com/errata/RHSA-2024:3005
reference_id RHSA-2024:3005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3005
21
reference_url https://usn.ubuntu.com/6618-1/
reference_id USN-6618-1
reference_type
scores
url https://usn.ubuntu.com/6618-1/
22
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@10.0.0
purl pkg:pypi/pillow@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5rv4-k1q9-zue2
1
vulnerability VCID-64n5-pugj-vue8
2
vulnerability VCID-9ckw-ra54-z3b7
3
vulnerability VCID-d7uf-zdbv-sba1
4
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0
aliases BIT-pillow-2023-44271, CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1hp-atex-ubh4
7
url VCID-q4bb-qnxe-8bfa
vulnerability_id VCID-q4bb-qnxe-8bfa
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
reference_id
reference_type
scores
0
value 0.02781
scoring_system epss
scoring_elements 0.86079
published_at 2026-04-21T12:55:00Z
1
value 0.02781
scoring_system epss
scoring_elements 0.86086
published_at 2026-04-18T12:55:00Z
2
value 0.02781
scoring_system epss
scoring_elements 0.86081
published_at 2026-04-16T12:55:00Z
3
value 0.02781
scoring_system epss
scoring_elements 0.86064
published_at 2026-04-13T12:55:00Z
4
value 0.02781
scoring_system epss
scoring_elements 0.86068
published_at 2026-04-12T12:55:00Z
5
value 0.02781
scoring_system epss
scoring_elements 0.86071
published_at 2026-04-11T12:55:00Z
6
value 0.02781
scoring_system epss
scoring_elements 0.86057
published_at 2026-04-09T12:55:00Z
7
value 0.02781
scoring_system epss
scoring_elements 0.86047
published_at 2026-04-08T12:55:00Z
8
value 0.02781
scoring_system epss
scoring_elements 0.86027
published_at 2026-04-07T12:55:00Z
9
value 0.02781
scoring_system epss
scoring_elements 0.86028
published_at 2026-04-04T12:55:00Z
10
value 0.02781
scoring_system epss
scoring_elements 0.86011
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
10
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
reference_id 2042527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
25
reference_url https://usn.ubuntu.com/5227-3/
reference_id USN-5227-3
reference_type
scores
url https://usn.ubuntu.com/5227-3/
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-22817, CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4bb-qnxe-8bfa
8
url VCID-vdzj-kqfy-d3b7
vulnerability_id VCID-vdzj-kqfy-d3b7
summary 
libwebp: OOB write in BuildHuffmanTable
Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
1
reference_url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
2
reference_url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4863
reference_id
reference_type
scores
0
value 0.93606
scoring_system epss
scoring_elements 0.99837
published_at 2026-04-18T12:55:00Z
1
value 0.93606
scoring_system epss
scoring_elements 0.99835
published_at 2026-04-07T12:55:00Z
2
value 0.93606
scoring_system epss
scoring_elements 0.99836
published_at 2026-04-13T12:55:00Z
3
value 0.94083
scoring_system epss
scoring_elements 0.99905
published_at 2026-04-12T12:55:00Z
4
value 0.94117
scoring_system epss
scoring_elements 0.99911
published_at 2026-04-21T12:55:00Z
5
value 0.94117
scoring_system epss
scoring_elements 0.99909
published_at 2026-04-04T12:55:00Z
6
value 0.94117
scoring_system epss
scoring_elements 0.9991
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4863
4
reference_url https://blog.isosceles.com/the-webp-0day
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.isosceles.com/the-webp-0day
5
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1215231
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://bugzilla.suse.com/show_bug.cgi?id=1215231
6
reference_url https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
7
reference_url https://crbug.com/1479274
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://crbug.com/1479274
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
9
reference_url https://en.bandisoft.com/honeyview/history
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://en.bandisoft.com/honeyview/history
10
reference_url https://en.bandisoft.com/honeyview/history/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://en.bandisoft.com/honeyview/history/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
13
reference_url https://github.com/electron/electron/pull/39823
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39823
14
reference_url https://github.com/electron/electron/pull/39825
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39825
15
reference_url https://github.com/electron/electron/pull/39826
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39826
16
reference_url https://github.com/electron/electron/pull/39827
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39827
17
reference_url https://github.com/electron/electron/pull/39828
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39828
18
reference_url https://github.com/ImageMagick/ImageMagick/discussions/6664
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/discussions/6664
19
reference_url https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
20
reference_url https://github.com/jaredforth/webp/pull/30
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jaredforth/webp/pull/30
21
reference_url https://github.com/python-pillow/Pillow/pull/7395
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/7395
22
reference_url https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
23
reference_url https://github.com/qnighy/libwebp-sys2-rs/pull/21
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/qnighy/libwebp-sys2-rs/pull/21
24
reference_url https://github.com/webmproject/libwebp
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/webmproject/libwebp
25
reference_url https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
26
reference_url https://github.com/webmproject/libwebp/releases/tag/v1.3.2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://github.com/webmproject/libwebp/releases/tag/v1.3.2
27
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
28
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
29
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
42
reference_url https://news.ycombinator.com/item?id=37478403
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://news.ycombinator.com/item?id=37478403
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
44
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
45
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0060.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0060.html
46
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0061.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0061.html
47
reference_url https://security.gentoo.org/glsa/202309-05
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.gentoo.org/glsa/202309-05
48
reference_url https://security.gentoo.org/glsa/202401-10
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.gentoo.org/glsa/202401-10
49
reference_url https://security.netapp.com/advisory/ntap-20230929-0011
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230929-0011
50
reference_url https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
51
reference_url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
52
reference_url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
53
reference_url https://www.bentley.com/advisories/be-2023-0001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bentley.com/advisories/be-2023-0001
54
reference_url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
55
reference_url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
56
reference_url https://www.debian.org/security/2023/dsa-5496
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5496
57
reference_url https://www.debian.org/security/2023/dsa-5497
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5497
58
reference_url https://www.debian.org/security/2023/dsa-5498
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5498
59
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value critical
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
60
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
61
reference_url https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
62
reference_url http://www.openwall.com/lists/oss-security/2023/09/21/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/21/4
63
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/1
64
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/3
65
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/4
66
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/5
67
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/6
68
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/7
69
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/8
70
reference_url http://www.openwall.com/lists/oss-security/2023/09/26/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/26/1
71
reference_url http://www.openwall.com/lists/oss-security/2023/09/26/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/26/7
72
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/1
73
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/2
74
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/4
75
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
reference_id 1051787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
76
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2238431
reference_id 2238431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2238431
77
reference_url https://www.bentley.com/advisories/be-2023-0001/
reference_id be-2023-0001
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.bentley.com/advisories/be-2023-0001/
78
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
reference_id CVE-2023-4863
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
79
reference_url https://security-tracker.debian.org/tracker/CVE-2023-4863
reference_id CVE-2023-4863
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security-tracker.debian.org/tracker/CVE-2023-4863
80
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
reference_id KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
81
reference_url https://security.netapp.com/advisory/ntap-20230929-0011/
reference_id ntap-20230929-0011
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.netapp.com/advisory/ntap-20230929-0011/
82
reference_url https://access.redhat.com/errata/RHSA-2023:5183
reference_id RHSA-2023:5183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5183
83
reference_url https://access.redhat.com/errata/RHSA-2023:5184
reference_id RHSA-2023:5184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5184
84
reference_url https://access.redhat.com/errata/RHSA-2023:5185
reference_id RHSA-2023:5185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5185
85
reference_url https://access.redhat.com/errata/RHSA-2023:5186
reference_id RHSA-2023:5186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5186
86
reference_url https://access.redhat.com/errata/RHSA-2023:5187
reference_id RHSA-2023:5187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5187
87
reference_url https://access.redhat.com/errata/RHSA-2023:5188
reference_id RHSA-2023:5188
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5188
88
reference_url https://access.redhat.com/errata/RHSA-2023:5189
reference_id RHSA-2023:5189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5189
89
reference_url https://access.redhat.com/errata/RHSA-2023:5190
reference_id RHSA-2023:5190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5190
90
reference_url https://access.redhat.com/errata/RHSA-2023:5191
reference_id RHSA-2023:5191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5191
91
reference_url https://access.redhat.com/errata/RHSA-2023:5192
reference_id RHSA-2023:5192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5192
92
reference_url https://access.redhat.com/errata/RHSA-2023:5197
reference_id RHSA-2023:5197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5197
93
reference_url https://access.redhat.com/errata/RHSA-2023:5198
reference_id RHSA-2023:5198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5198
94
reference_url https://access.redhat.com/errata/RHSA-2023:5200
reference_id RHSA-2023:5200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5200
95
reference_url https://access.redhat.com/errata/RHSA-2023:5201
reference_id RHSA-2023:5201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5201
96
reference_url https://access.redhat.com/errata/RHSA-2023:5202
reference_id RHSA-2023:5202
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5202
97
reference_url https://access.redhat.com/errata/RHSA-2023:5204
reference_id RHSA-2023:5204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5204
98
reference_url https://access.redhat.com/errata/RHSA-2023:5205
reference_id RHSA-2023:5205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5205
99
reference_url https://access.redhat.com/errata/RHSA-2023:5214
reference_id RHSA-2023:5214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5214
100
reference_url https://access.redhat.com/errata/RHSA-2023:5222
reference_id RHSA-2023:5222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5222
101
reference_url https://access.redhat.com/errata/RHSA-2023:5223
reference_id RHSA-2023:5223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5223
102
reference_url https://access.redhat.com/errata/RHSA-2023:5224
reference_id RHSA-2023:5224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5224
103
reference_url https://access.redhat.com/errata/RHSA-2023:5236
reference_id RHSA-2023:5236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5236
104
reference_url https://access.redhat.com/errata/RHSA-2023:5309
reference_id RHSA-2023:5309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5309
105
reference_url https://usn.ubuntu.com/6367-1/
reference_id USN-6367-1
reference_type
scores
url https://usn.ubuntu.com/6367-1/
106
reference_url https://usn.ubuntu.com/6368-1/
reference_id USN-6368-1
reference_type
scores
url https://usn.ubuntu.com/6368-1/
107
reference_url https://usn.ubuntu.com/6369-1/
reference_id USN-6369-1
reference_type
scores
url https://usn.ubuntu.com/6369-1/
108
reference_url https://usn.ubuntu.com/6369-2/
reference_id USN-6369-2
reference_type
scores
url https://usn.ubuntu.com/6369-2/
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases CVE-2023-4863, GHSA-j7hp-h8jx-5ppr
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdzj-kqfy-d3b7
Fixing_vulnerabilities
0
url VCID-df4x-jt3h-17hx
vulnerability_id VCID-df4x-jt3h-17hx
summary path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22816
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.3348
published_at 2026-04-21T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33514
published_at 2026-04-18T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.33537
published_at 2026-04-16T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33656
published_at 2026-04-04T12:55:00Z
4
value 0.00137
scoring_system epss
scoring_elements 0.33623
published_at 2026-04-02T12:55:00Z
5
value 0.00137
scoring_system epss
scoring_elements 0.33501
published_at 2026-04-13T12:55:00Z
6
value 0.00137
scoring_system epss
scoring_elements 0.33525
published_at 2026-04-12T12:55:00Z
7
value 0.00137
scoring_system epss
scoring_elements 0.33567
published_at 2026-04-11T12:55:00Z
8
value 0.00137
scoring_system epss
scoring_elements 0.33573
published_at 2026-04-09T12:55:00Z
9
value 0.00137
scoring_system epss
scoring_elements 0.33539
published_at 2026-04-08T12:55:00Z
10
value 0.00137
scoring_system epss
scoring_elements 0.33495
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22816
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
10
reference_url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
11
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5920
12
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042522
reference_id 2042522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042522
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
reference_id CVE-2022-22816
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases BIT-pillow-2022-22816, CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df4x-jt3h-17hx
1
url VCID-dpc3-td9q-dyee
vulnerability_id VCID-dpc3-td9q-dyee
summary path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22815
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26277
published_at 2026-04-21T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26314
published_at 2026-04-18T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.2634
published_at 2026-04-16T12:55:00Z
3
value 0.00095
scoring_system epss
scoring_elements 0.26332
published_at 2026-04-13T12:55:00Z
4
value 0.00095
scoring_system epss
scoring_elements 0.2639
published_at 2026-04-12T12:55:00Z
5
value 0.00095
scoring_system epss
scoring_elements 0.26436
published_at 2026-04-11T12:55:00Z
6
value 0.00095
scoring_system epss
scoring_elements 0.26428
published_at 2026-04-09T12:55:00Z
7
value 0.00095
scoring_system epss
scoring_elements 0.26377
published_at 2026-04-08T12:55:00Z
8
value 0.00095
scoring_system epss
scoring_elements 0.2631
published_at 2026-04-07T12:55:00Z
9
value 0.00095
scoring_system epss
scoring_elements 0.26529
published_at 2026-04-04T12:55:00Z
10
value 0.00095
scoring_system epss
scoring_elements 0.26486
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
10
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
11
reference_url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
12
reference_url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
13
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5920
14
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
16
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5053
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042511
reference_id 2042511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042511
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
reference_id CVE-2022-22815
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
21
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases BIT-pillow-2022-22815, CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpc3-td9q-dyee
2
url VCID-g46h-p8jk-cuhc
vulnerability_id VCID-g46h-p8jk-cuhc
summary 
Infinite loop in Pillow
JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.

If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file.
references
0
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
1
reference_url https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
2
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
3
reference_url https://github.com/advisories/GHSA-4fx9-vc88-q2xc
reference_id GHSA-4fx9-vc88-q2xc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fx9-vc88-q2xc
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases GHSA-4fx9-vc88-q2xc, GMS-2022-347
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g46h-p8jk-cuhc
3
url VCID-q4bb-qnxe-8bfa
vulnerability_id VCID-q4bb-qnxe-8bfa
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
reference_id
reference_type
scores
0
value 0.02781
scoring_system epss
scoring_elements 0.86079
published_at 2026-04-21T12:55:00Z
1
value 0.02781
scoring_system epss
scoring_elements 0.86086
published_at 2026-04-18T12:55:00Z
2
value 0.02781
scoring_system epss
scoring_elements 0.86081
published_at 2026-04-16T12:55:00Z
3
value 0.02781
scoring_system epss
scoring_elements 0.86064
published_at 2026-04-13T12:55:00Z
4
value 0.02781
scoring_system epss
scoring_elements 0.86068
published_at 2026-04-12T12:55:00Z
5
value 0.02781
scoring_system epss
scoring_elements 0.86071
published_at 2026-04-11T12:55:00Z
6
value 0.02781
scoring_system epss
scoring_elements 0.86057
published_at 2026-04-09T12:55:00Z
7
value 0.02781
scoring_system epss
scoring_elements 0.86047
published_at 2026-04-08T12:55:00Z
8
value 0.02781
scoring_system epss
scoring_elements 0.86027
published_at 2026-04-07T12:55:00Z
9
value 0.02781
scoring_system epss
scoring_elements 0.86028
published_at 2026-04-04T12:55:00Z
10
value 0.02781
scoring_system epss
scoring_elements 0.86011
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
10
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
reference_id 2042527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
25
reference_url https://usn.ubuntu.com/5227-3/
reference_id USN-5227-3
reference_type
scores
url https://usn.ubuntu.com/5227-3/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
1
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-22817, CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4bb-qnxe-8bfa
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0