| 0 |
| url |
VCID-19e1-19hk-duet |
| vulnerability_id |
VCID-19e1-19hk-duet |
| summary |
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-45198 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.5136 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.5141 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.5143 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51422 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51379 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51393 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51414 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51371 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51373 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.0028 |
| scoring_system |
epss |
| scoring_elements |
0.51319 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00297 |
| scoring_system |
epss |
| scoring_elements |
0.53076 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-45198 |
|
| 1 |
| reference_url |
https://bugs.gentoo.org/855683 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://bugs.gentoo.org/855683 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2022-45198, CVE-2022-45198, GHSA-m2vv-5vj5-2hm7, PYSEC-2022-42979
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-19e1-19hk-duet |
|
| 1 |
| url |
VCID-1vt7-c6e3-7qc8 |
| vulnerability_id |
VCID-1vt7-c6e3-7qc8 |
| summary |
The package pillow from 0 and before 8.3.2 is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-23437 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45314 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45402 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45452 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45456 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45405 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45404 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45434 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45412 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45357 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45414 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45394 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-23437 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.3.2 |
| purl |
pkg:pypi/pillow@8.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 2 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 3 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 4 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 5 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 6 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 7 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 8 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 9 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 10 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 11 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2 |
|
|
| aliases |
BIT-pillow-2021-23437, CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| url |
VCID-366h-8f99-r7at |
| vulnerability_id |
VCID-366h-8f99-r7at |
| summary |
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0775 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77681 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77664 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77754 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.7776 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77761 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77724 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.7774 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77714 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77709 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77671 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.01069 |
| scoring_system |
epss |
| scoring_elements |
0.77698 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0775 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0775 |
| reference_id |
CVE-2016-0775 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0775 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.1.1 |
| purl |
pkg:pypi/pillow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 11 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 12 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 16 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 17 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 18 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 19 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 20 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 21 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 22 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 23 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 24 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 25 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 26 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 27 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 28 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 29 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 30 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 31 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 32 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 33 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 34 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 35 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 36 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 37 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 38 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 39 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 40 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 41 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 42 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 43 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 44 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 45 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 46 |
| vulnerability |
VCID-yccg-zw89-vqff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1 |
|
|
| aliases |
CVE-2016-0775, GHSA-8xjv-v9xq-m5h9, PYSEC-2016-6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-366h-8f99-r7at |
|
| 3 |
| url |
VCID-3qb5-8p8w-gkad |
| vulnerability_id |
VCID-3qb5-8p8w-gkad |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27921 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61759 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61937 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61933 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61889 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61909 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61921 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.619 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61885 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61835 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61864 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61833 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62258 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27921 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.1.2 |
| purl |
pkg:pypi/pillow@8.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 3 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 4 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 5 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 6 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 7 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 8 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 9 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 10 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 11 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 12 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 13 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 14 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 15 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 16 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 17 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 18 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 19 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 20 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2 |
|
|
| aliases |
BIT-pillow-2021-27921, CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3qb5-8p8w-gkad |
|
| 4 |
| url |
VCID-3uk9-eds5-rkgc |
| vulnerability_id |
VCID-3uk9-eds5-rkgc |
| summary |
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28675 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30183 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.3008 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.301 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30086 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30135 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30179 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30176 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.3014 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30081 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30263 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30214 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35257 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28675 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 3 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 4 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 5 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 6 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 7 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 8 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 9 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 10 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 11 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 12 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 13 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
BIT-pillow-2021-28675, CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3uk9-eds5-rkgc |
|
| 5 |
| url |
VCID-53ac-ceq4-qkhf |
| vulnerability_id |
VCID-53ac-ceq4-qkhf |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27922 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34909 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34859 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34701 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34814 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34936 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34853 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34869 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.3483 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34854 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34891 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34887 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54591 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27922 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.1.2 |
| purl |
pkg:pypi/pillow@8.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 3 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 4 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 5 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 6 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 7 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 8 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 9 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 10 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 11 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 12 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 13 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 14 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 15 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 16 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 17 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 18 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 19 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 20 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2 |
|
|
| aliases |
BIT-pillow-2021-27922, CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-53ac-ceq4-qkhf |
|
| 6 |
| url |
VCID-5rv4-k1q9-zue2 |
| vulnerability_id |
VCID-5rv4-k1q9-zue2 |
| summary |
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2. |
| references |
|
| fixed_packages |
|
| aliases |
PYSEC-2023-175
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5rv4-k1q9-zue2 |
|
| 7 |
| url |
VCID-64n5-pugj-vue8 |
| vulnerability_id |
VCID-64n5-pugj-vue8 |
| summary |
Pillow buffer overflow vulnerability
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-28219 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49512 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49541 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49543 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49496 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49494 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49522 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49505 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49509 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49454 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49502 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49475 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-28219 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
7.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
| reference_url |
https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
6.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R |
|
| 2 |
| value |
7.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/ |
|
|
| url |
https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-28219, GHSA-44wm-f244-xhp3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-64n5-pugj-vue8 |
|
| 8 |
| url |
VCID-6gyu-fzpg-c3bn |
| vulnerability_id |
VCID-6gyu-fzpg-c3bn |
| summary |
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35654 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.41993 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42089 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42038 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42063 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42101 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42078 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.41988 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42066 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42014 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42077 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00199 |
| scoring_system |
epss |
| scoring_elements |
0.42049 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35654 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.0 |
| purl |
pkg:pypi/pillow@8.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 14 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 15 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 16 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 17 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 18 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 19 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 20 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 21 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 22 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 23 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 24 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 25 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 26 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 27 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 28 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0 |
|
|
| aliases |
BIT-pillow-2020-35654, CVE-2020-35654, GHSA-vqcj-wrf2-7v73, PYSEC-2021-70
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6gyu-fzpg-c3bn |
|
| 9 |
| url |
VCID-8n2b-wvya-53e1 |
| vulnerability_id |
VCID-8n2b-wvya-53e1 |
| summary |
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10378 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54975 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54994 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54957 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.5498 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54998 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54872 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54987 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54937 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54968 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54942 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54986 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10378 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4430-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-1 |
|
| 19 |
|
| 20 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 11 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 12 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 13 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 14 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 15 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 16 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 17 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 18 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 19 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 20 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 21 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 22 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 23 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 24 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 25 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 26 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 27 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 28 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 29 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 30 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 31 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
BIT-pillow-2020-10378, CVE-2020-10378, GHSA-3xv8-3j54-hgrp, PYSEC-2020-77
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8n2b-wvya-53e1 |
|
| 10 |
| url |
VCID-9ckw-ra54-z3b7 |
| vulnerability_id |
VCID-9ckw-ra54-z3b7 |
| summary |
Arbitrary Code Execution in Pillow
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-50447 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00754 |
| scoring_system |
epss |
| scoring_elements |
0.73261 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00754 |
| scoring_system |
epss |
| scoring_elements |
0.73218 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00754 |
| scoring_system |
epss |
| scoring_elements |
0.73225 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00754 |
| scoring_system |
epss |
| scoring_elements |
0.73244 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00754 |
| scoring_system |
epss |
| scoring_elements |
0.73219 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00754 |
| scoring_system |
epss |
| scoring_elements |
0.7327 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00775 |
| scoring_system |
epss |
| scoring_elements |
0.73555 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00775 |
| scoring_system |
epss |
| scoring_elements |
0.73586 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00775 |
| scoring_system |
epss |
| scoring_elements |
0.7355 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00775 |
| scoring_system |
epss |
| scoring_elements |
0.73578 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-50447 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/python-pillow/Pillow/releases |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/ |
|
|
| url |
https://github.com/python-pillow/Pillow/releases |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
http://www.openwall.com/lists/oss-security/2024/01/20/1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2024/01/20/1 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-50447, GHSA-3f63-hfp8-52jq
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9ckw-ra54-z3b7 |
|
| 11 |
| url |
VCID-and9-6jty-pyeq |
| vulnerability_id |
VCID-and9-6jty-pyeq |
| summary |
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10379 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58219 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58245 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58242 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58211 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.5823 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58254 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58232 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58177 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58205 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58185 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58099 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.0036 |
| scoring_system |
epss |
| scoring_elements |
0.58236 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10379 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 11 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 12 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 13 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 14 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 15 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 16 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 17 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 18 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 19 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 20 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 21 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 22 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 23 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 24 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 25 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 26 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 27 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 28 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 29 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 30 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 31 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
BIT-pillow-2020-10379, CVE-2020-10379, GHSA-8843-m7mw-mxqm, PYSEC-2020-78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-and9-6jty-pyeq |
|
| 12 |
| url |
VCID-aubw-tsmn-ffcq |
| vulnerability_id |
VCID-aubw-tsmn-ffcq |
| summary |
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28677 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49763 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49716 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49715 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49743 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49731 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49676 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49726 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49698 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49667 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00271 |
| scoring_system |
epss |
| scoring_elements |
0.5057 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28677 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 3 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 4 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 5 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 6 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 7 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 8 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 9 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 10 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 11 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 12 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 13 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
BIT-pillow-2021-28677, CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aubw-tsmn-ffcq |
|
| 13 |
| url |
VCID-avx2-mahw-mqes |
| vulnerability_id |
VCID-avx2-mahw-mqes |
| summary |
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4009 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.89986 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.89948 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.90003 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.90006 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.90005 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.8999 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.89997 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.89998 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.8997 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.89991 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.8995 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.05263 |
| scoring_system |
epss |
| scoring_elements |
0.89963 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4009 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-hvr8-466p-75rh |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hvr8-466p-75rh |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
http://www.securityfocus.com/bid/86064 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/86064 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-4009 |
| reference_id |
CVE-2016-4009 |
| reference_type |
|
| scores |
| 0 |
| value |
10.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:C/I:C/A:C |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-4009 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.1.1 |
| purl |
pkg:pypi/pillow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 11 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 12 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 16 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 17 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 18 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 19 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 20 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 21 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 22 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 23 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 24 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 25 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 26 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 27 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 28 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 29 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 30 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 31 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 32 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 33 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 34 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 35 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 36 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 37 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 38 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 39 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 40 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 41 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 42 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 43 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 44 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 45 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 46 |
| vulnerability |
VCID-yccg-zw89-vqff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1 |
|
|
| aliases |
CVE-2016-4009, GHSA-hvr8-466p-75rh, PYSEC-2016-7
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-avx2-mahw-mqes |
|
| 14 |
| url |
VCID-b3au-rcgp-2fag |
| vulnerability_id |
VCID-b3au-rcgp-2fag |
| summary |
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19911 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76597 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76609 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76506 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76606 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76564 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76592 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76571 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76511 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.7654 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76522 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76554 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00965 |
| scoring_system |
epss |
| scoring_elements |
0.76565 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19911 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 16 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 17 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 18 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 19 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 20 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 21 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 22 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 23 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 24 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 25 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 26 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 27 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 28 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 29 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 30 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 31 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 32 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 33 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 34 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 35 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 36 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
CVE-2019-19911, GHSA-5gm3-px64-rw72, PYSEC-2020-172
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b3au-rcgp-2fag |
|
| 15 |
| url |
VCID-b5a2-83ej-puaw |
| vulnerability_id |
VCID-b5a2-83ej-puaw |
| summary |
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-11538 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50181 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50206 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50205 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.5016 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50161 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50187 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.5017 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50177 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50123 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50145 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50173 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50111 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-11538 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-43fq-w8qq-v88h |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-43fq-w8qq-v88h |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| reference_url |
https://usn.ubuntu.com/4430-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-1 |
|
| 20 |
|
| 21 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 11 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 12 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 13 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 14 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 15 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 16 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 17 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 18 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 19 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 20 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 21 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 22 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 23 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 24 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 25 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 26 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 27 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 28 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 29 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 30 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 31 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
BIT-pillow-2020-11538, CVE-2020-11538, GHSA-43fq-w8qq-v88h, PYSEC-2020-80
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b5a2-83ej-puaw |
|
| 16 |
| url |
VCID-brp2-dtrf-jyfr |
| vulnerability_id |
VCID-brp2-dtrf-jyfr |
| summary |
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24303 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.8067 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80668 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80666 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80637 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80645 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80658 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80642 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80632 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80605 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.80612 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.01428 |
| scoring_system |
epss |
| scoring_elements |
0.8059 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24303 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2022-24303, CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-brp2-dtrf-jyfr |
|
| 17 |
| url |
VCID-cas2-jb3y-vyhz |
| vulnerability_id |
VCID-cas2-jb3y-vyhz |
| summary |
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-16865 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88313 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88317 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88336 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88353 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88345 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88358 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88355 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88343 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.8829 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.03942 |
| scoring_system |
epss |
| scoring_elements |
0.88298 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-16865 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-16865 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-16865 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.0 |
| purl |
pkg:pypi/pillow@6.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 14 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 15 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 16 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 17 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 18 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 19 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 20 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 21 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 22 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 23 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 24 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 25 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 26 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 27 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 28 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 29 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 30 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 31 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 32 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 33 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 34 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 35 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 36 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 37 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 38 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 39 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 40 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 41 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 42 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0 |
|
|
| aliases |
CVE-2019-16865, GHSA-j7mj-748x-7p78, PYSEC-2019-110
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cas2-jb3y-vyhz |
|
| 18 |
|
| 19 |
| url |
VCID-df4x-jt3h-17hx |
| vulnerability_id |
VCID-df4x-jt3h-17hx |
| summary |
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22816 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.3348 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33514 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33537 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33656 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33623 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33501 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33525 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33567 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33573 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33539 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00137 |
| scoring_system |
epss |
| scoring_elements |
0.33495 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22816 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-xrcv-f9gm-v42c |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-xrcv-f9gm-v42c |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2022-22816, CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-df4x-jt3h-17hx |
|
| 20 |
| url |
VCID-dgds-v95g-pbcv |
| vulnerability_id |
VCID-dgds-v95g-pbcv |
| summary |
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0740 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3496 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3502 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35005 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35245 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35221 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35096 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35296 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35325 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35207 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35252 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35277 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.3528 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-0740 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-hggx-3h72-49ww |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hggx-3h72-49ww |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0740 |
| reference_id |
CVE-2016-0740 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 2 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-0740 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.1.1 |
| purl |
pkg:pypi/pillow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 11 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 12 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 16 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 17 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 18 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 19 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 20 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 21 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 22 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 23 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 24 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 25 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 26 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 27 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 28 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 29 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 30 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 31 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 32 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 33 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 34 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 35 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 36 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 37 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 38 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 39 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 40 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 41 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 42 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 43 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 44 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 45 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 46 |
| vulnerability |
VCID-yccg-zw89-vqff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1 |
|
|
| aliases |
CVE-2016-0740, GHSA-hggx-3h72-49ww, PYSEC-2016-5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dgds-v95g-pbcv |
|
| 21 |
| url |
VCID-dgy9-uh9h-xfft |
| vulnerability_id |
VCID-dgy9-uh9h-xfft |
| summary |
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-1932 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26981 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.27037 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.27082 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.27078 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.27033 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26989 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26964 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.27172 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00098 |
| scoring_system |
epss |
| scoring_elements |
0.26928 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.32904 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00133 |
| scoring_system |
epss |
| scoring_elements |
0.33034 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-1932 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.5 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
http://www.ubuntu.com/usn/USN-2168-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.5 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2168-1 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.3.1 |
| purl |
pkg:pypi/pillow@2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-366h-8f99-r7at |
|
| 3 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 4 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 5 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 6 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 7 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 8 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-avx2-mahw-mqes |
|
| 14 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 15 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 16 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 17 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 18 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 19 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 20 |
| vulnerability |
VCID-dgds-v95g-pbcv |
|
| 21 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 22 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 23 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 24 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 25 |
| vulnerability |
VCID-gmd5-pbxc-a3gd |
|
| 26 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 27 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 28 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 29 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 30 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 31 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 32 |
| vulnerability |
VCID-ma2g-2f8d-dqa9 |
|
| 33 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 34 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 35 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 36 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 37 |
| vulnerability |
VCID-qjqr-jyjn-xfh9 |
|
| 38 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 39 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 40 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 41 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 42 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 43 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 44 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 45 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 46 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 47 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 48 |
| vulnerability |
VCID-vz9s-jqpb-2ybf |
|
| 49 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 50 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 51 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 52 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 53 |
| vulnerability |
VCID-zmd3-henq-r7bd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.1 |
|
|
| aliases |
CVE-2014-1932, GHSA-x895-2wrm-hvp7, PYSEC-2014-22
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dgy9-uh9h-xfft |
|
| 22 |
| url |
VCID-dpc3-td9q-dyee |
| vulnerability_id |
VCID-dpc3-td9q-dyee |
| summary |
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22815 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26277 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26314 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.2634 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26332 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.2639 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26436 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26428 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26377 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.2631 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26529 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26486 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22815 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-pw3c-h7wp-cvhx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-pw3c-h7wp-cvhx |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2022-22815, CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dpc3-td9q-dyee |
|
| 23 |
| url |
VCID-e3gp-zc2b-budg |
| vulnerability_id |
VCID-e3gp-zc2b-budg |
| summary |
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9189 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58046 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58069 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58053 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58049 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57994 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.5802 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57998 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58025 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.57913 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58056 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00358 |
| scoring_system |
epss |
| scoring_elements |
0.58033 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9189 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-rwr3-c2q8-gm56 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-rwr3-c2q8-gm56 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
http://www.securityfocus.com/bid/94234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/94234 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.3.2 |
| purl |
pkg:pypi/pillow@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 11 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 12 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 16 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 17 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 18 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 19 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 20 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 21 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 22 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 23 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 24 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 25 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 26 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 27 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 28 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 29 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 30 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 31 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 32 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 33 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 34 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 35 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 36 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 37 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 38 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 39 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 40 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 41 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 42 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 43 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2 |
|
|
| aliases |
CVE-2016-9189, GHSA-rwr3-c2q8-gm56, PYSEC-2016-8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e3gp-zc2b-budg |
|
| 24 |
| url |
VCID-en6t-uxtq-bfek |
| vulnerability_id |
VCID-en6t-uxtq-bfek |
| summary |
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25289 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.42926 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43036 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43048 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.42988 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43005 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.4304 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43017 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43004 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.42954 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43018 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.4299 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00762 |
| scoring_system |
epss |
| scoring_elements |
0.73401 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25289 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-57h3-9rgr-c24m |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-57h3-9rgr-c24m |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
|
| aliases |
BIT-pillow-2021-25289, CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-en6t-uxtq-bfek |
|
| 25 |
| url |
VCID-g46h-p8jk-cuhc |
| vulnerability_id |
VCID-g46h-p8jk-cuhc |
| summary |
Infinite loop in Pillow
JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.
If the EOF marker is not detected as such, however, this could lead to an infinite loop in which JpegImagePlugin keeps trying to end the file. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-4fx9-vc88-q2xc, GMS-2022-347
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g46h-p8jk-cuhc |
|
| 26 |
| url |
VCID-gmd5-pbxc-a3gd |
| vulnerability_id |
VCID-gmd5-pbxc-a3gd |
| summary |
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3007 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86601 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86527 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86538 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86556 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86575 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86585 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.866 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86597 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.8659 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86604 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.03008 |
| scoring_system |
epss |
| scoring_elements |
0.86609 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3007 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.5.0 |
| purl |
pkg:pypi/pillow@2.5.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-366h-8f99-r7at |
|
| 3 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 4 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 5 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 6 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 7 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 8 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-avx2-mahw-mqes |
|
| 14 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 15 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 16 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 17 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 18 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 19 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 20 |
| vulnerability |
VCID-dgds-v95g-pbcv |
|
| 21 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 22 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 23 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 24 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 25 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 26 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 27 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 28 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 29 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 30 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 31 |
| vulnerability |
VCID-ma2g-2f8d-dqa9 |
|
| 32 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 33 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 34 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 35 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 36 |
| vulnerability |
VCID-qjqr-jyjn-xfh9 |
|
| 37 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 38 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 39 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 40 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 41 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 42 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 43 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 44 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 45 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 46 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 47 |
| vulnerability |
VCID-vz9s-jqpb-2ybf |
|
| 48 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 49 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 50 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 51 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 52 |
| vulnerability |
VCID-yccg-zw89-vqff |
|
| 53 |
| vulnerability |
VCID-zmd3-henq-r7bd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.0 |
|
|
| aliases |
CVE-2014-3007, GHSA-8m9x-pxwq-j236, PYSEC-2014-87
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gmd5-pbxc-a3gd |
|
| 27 |
| url |
VCID-gvjw-funa-sqak |
| vulnerability_id |
VCID-gvjw-funa-sqak |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27923 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61835 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61885 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61759 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61833 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61864 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61937 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61933 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61889 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61909 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61921 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.619 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62258 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27923 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.1.2 |
| purl |
pkg:pypi/pillow@8.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 3 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 4 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 5 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 6 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 7 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 8 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 9 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 10 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 11 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 12 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 13 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 14 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 15 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 16 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 17 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 18 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 19 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 20 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2 |
|
|
| aliases |
BIT-pillow-2021-27923, CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gvjw-funa-sqak |
|
| 28 |
| url |
VCID-h4x7-7fke-mqgp |
| vulnerability_id |
VCID-h4x7-7fke-mqgp |
| summary |
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 16 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 17 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 18 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 19 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 20 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 21 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 22 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 23 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 24 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 25 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 26 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 27 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 28 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 29 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 30 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 31 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 32 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 33 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 34 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 35 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 36 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
PYSEC-2020-191
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h4x7-7fke-mqgp |
|
| 29 |
| url |
VCID-haum-8zpg-6kgf |
| vulnerability_id |
VCID-haum-8zpg-6kgf |
| summary |
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10177 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54996 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.55018 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.55015 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54978 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.55 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.55019 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.55007 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54958 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54988 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54962 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00319 |
| scoring_system |
epss |
| scoring_elements |
0.54892 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10177 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| reference_url |
https://usn.ubuntu.com/4430-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-1 |
|
| 32 |
|
| 33 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 11 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 12 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 13 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 14 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 15 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 16 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 17 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 18 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 19 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 20 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 21 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 22 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 23 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 24 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 25 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 26 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 27 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 28 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 29 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 30 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 31 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
BIT-pillow-2020-10177, CVE-2020-10177, GHSA-cqhg-xjhh-p8hf, PYSEC-2020-76
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-haum-8zpg-6kgf |
|
| 30 |
| url |
VCID-hmmq-5772-bycm |
| vulnerability_id |
VCID-hmmq-5772-bycm |
| summary |
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5313 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.68008 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.68026 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.68013 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.67976 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.6801 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.68024 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.68 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.67987 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.67936 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.67957 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.67938 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00551 |
| scoring_system |
epss |
| scoring_elements |
0.67915 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5313 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 16 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 17 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 18 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 19 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 20 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 21 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 22 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 23 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 24 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 25 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 26 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 27 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 28 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 29 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 30 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 31 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 32 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 33 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 34 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 35 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 36 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
BIT-pillow-2020-5313, CVE-2020-5313, GHSA-hj69-c76v-86wr, PYSEC-2020-84
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hmmq-5772-bycm |
|
| 31 |
| url |
VCID-khp6-9hfx-1kge |
| vulnerability_id |
VCID-khp6-9hfx-1kge |
| summary |
Uncontrolled Resource Consumption in pillow
### Impact
_Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large._
### Patches
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._
### Workarounds
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._
### References
https://nvd.nist.gov/vuln/detail/CVE-2021-27921
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.1.2 |
| purl |
pkg:pypi/pillow@8.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 3 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 4 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 5 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 6 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 7 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 8 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 9 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 10 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 11 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 12 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 13 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 14 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 15 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 16 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 17 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 18 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 19 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 20 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2 |
|
|
| aliases |
GHSA-jgpv-4h4c-xhw3, GMS-2021-167
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-khp6-9hfx-1kge |
|
| 32 |
| url |
VCID-m3tm-h4q9-9yay |
| vulnerability_id |
VCID-m3tm-h4q9-9yay |
| summary |
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5311 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79754 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79747 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79718 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79733 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79712 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79705 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79785 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.7978 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79753 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.7976 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79776 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.01304 |
| scoring_system |
epss |
| scoring_elements |
0.79781 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5311 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-r7rm-8j6h-r933 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-r7rm-8j6h-r933 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 16 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 17 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 18 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 19 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 20 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 21 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 22 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 23 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 24 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 25 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 26 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 27 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 28 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 29 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 30 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 31 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 32 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 33 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 34 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 35 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 36 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
BIT-pillow-2020-5311, CVE-2020-5311, GHSA-r7rm-8j6h-r933, PYSEC-2020-82
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m3tm-h4q9-9yay |
|
| 33 |
| url |
VCID-ma2g-2f8d-dqa9 |
| vulnerability_id |
VCID-ma2g-2f8d-dqa9 |
| summary |
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3598 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.6083 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.6088 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.60859 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.60843 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.60794 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.60728 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.608 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.60878 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.60894 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.6089 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.60848 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00403 |
| scoring_system |
epss |
| scoring_elements |
0.60867 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3598 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 6 |
|
| 7 |
| reference_url |
https://pypi.python.org/pypi/Pillow/2.5.3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.python.org/pypi/Pillow/2.5.3 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.5.3 |
| purl |
pkg:pypi/pillow@2.5.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-366h-8f99-r7at |
|
| 3 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 4 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 5 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 6 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 7 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 8 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-avx2-mahw-mqes |
|
| 14 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 15 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 16 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 17 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 18 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 19 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 20 |
| vulnerability |
VCID-dgds-v95g-pbcv |
|
| 21 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 22 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 23 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 24 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 25 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 26 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 27 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 28 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 29 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 30 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 31 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 32 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 33 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 34 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 35 |
| vulnerability |
VCID-qjqr-jyjn-xfh9 |
|
| 36 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 37 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 38 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 39 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 40 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 41 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 42 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 43 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 44 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 45 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 46 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 47 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 48 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 49 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 50 |
| vulnerability |
VCID-yccg-zw89-vqff |
|
| 51 |
| vulnerability |
VCID-zmd3-henq-r7bd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.3 |
|
|
| aliases |
CVE-2014-3598, GHSA-j6f7-g425-4gmx, PYSEC-2015-15
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ma2g-2f8d-dqa9 |
|
| 34 |
| url |
VCID-n1hp-atex-ubh4 |
| vulnerability_id |
VCID-n1hp-atex-ubh4 |
| summary |
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-44271 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44438 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44447 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44392 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44391 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44406 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44399 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44347 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44413 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00218 |
| scoring_system |
epss |
| scoring_elements |
0.44423 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45083 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-44271 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2023-44271, CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n1hp-atex-ubh4 |
|
| 35 |
| url |
VCID-n1w5-f5p7-xuhb |
| vulnerability_id |
VCID-n1w5-f5p7-xuhb |
| summary |
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25287 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57007 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5701 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56981 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57005 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57025 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57014 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57011 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56963 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56961 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56985 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56866 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57699 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25287 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 3 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 4 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 5 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 6 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 7 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 8 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 9 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 10 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 11 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 12 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 13 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
BIT-pillow-2021-25287, CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n1w5-f5p7-xuhb |
|
| 36 |
| url |
VCID-p6r3-puh1-zyg6 |
| vulnerability_id |
VCID-p6r3-puh1-zyg6 |
| summary |
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25293 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27731 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27723 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.2778 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27822 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27816 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27773 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27705 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27913 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27873 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38018 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25293 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
|
| aliases |
BIT-pillow-2021-25293, CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p6r3-puh1-zyg6 |
|
| 37 |
| url |
VCID-ptk9-u246-q7gh |
| vulnerability_id |
VCID-ptk9-u246-q7gh |
| summary |
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-1933 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29631 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29405 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29451 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29479 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.2946 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29512 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29557 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29555 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29452 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29515 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00111 |
| scoring_system |
epss |
| scoring_elements |
0.29582 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-1933 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-imaging/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-imaging/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
http://www.ubuntu.com/usn/USN-2168-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.ubuntu.com/usn/USN-2168-1 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.3.1 |
| purl |
pkg:pypi/pillow@2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-366h-8f99-r7at |
|
| 3 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 4 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 5 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 6 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 7 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 8 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-avx2-mahw-mqes |
|
| 14 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 15 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 16 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 17 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 18 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 19 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 20 |
| vulnerability |
VCID-dgds-v95g-pbcv |
|
| 21 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 22 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 23 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 24 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 25 |
| vulnerability |
VCID-gmd5-pbxc-a3gd |
|
| 26 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 27 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 28 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 29 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 30 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 31 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 32 |
| vulnerability |
VCID-ma2g-2f8d-dqa9 |
|
| 33 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 34 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 35 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 36 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 37 |
| vulnerability |
VCID-qjqr-jyjn-xfh9 |
|
| 38 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 39 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 40 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 41 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 42 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 43 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 44 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 45 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 46 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 47 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 48 |
| vulnerability |
VCID-vz9s-jqpb-2ybf |
|
| 49 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 50 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 51 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 52 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 53 |
| vulnerability |
VCID-zmd3-henq-r7bd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.1 |
|
|
| aliases |
CVE-2014-1933, GHSA-r854-96gq-rfg3, PYSEC-2014-23
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ptk9-u246-q7gh |
|
| 38 |
| url |
VCID-q4bb-qnxe-8bfa |
| vulnerability_id |
VCID-q4bb-qnxe-8bfa |
| summary |
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22817 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86079 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86086 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86081 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86064 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86068 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86071 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86057 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86047 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86027 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86028 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.02781 |
| scoring_system |
epss |
| scoring_elements |
0.86011 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-22817 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-8vj2-vxx3-667w |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-8vj2-vxx3-667w |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://security.gentoo.org/glsa/202211-10 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/ |
|
|
| url |
https://security.gentoo.org/glsa/202211-10 |
|
| 15 |
| reference_url |
https://www.debian.org/security/2022/dsa-5053 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/ |
|
|
| url |
https://www.debian.org/security/2022/dsa-5053 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2022-22817, CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q4bb-qnxe-8bfa |
|
| 39 |
| url |
VCID-qjqr-jyjn-xfh9 |
| vulnerability_id |
VCID-qjqr-jyjn-xfh9 |
| summary |
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9601 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77396 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01034 |
| scoring_system |
epss |
| scoring_elements |
0.77404 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.78966 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.78918 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.78924 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.78952 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.78936 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.7896 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.7899 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.78975 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.78965 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9601 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.7.0 |
| purl |
pkg:pypi/pillow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-366h-8f99-r7at |
|
| 3 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 4 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 5 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 6 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 7 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 8 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-avx2-mahw-mqes |
|
| 14 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 15 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 16 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 17 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 18 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 19 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 20 |
| vulnerability |
VCID-dgds-v95g-pbcv |
|
| 21 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 22 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 23 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 24 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 25 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 26 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 27 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 28 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 29 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 30 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 31 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 32 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 33 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 34 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 35 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 36 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 37 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 38 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 39 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 40 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 41 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 42 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 43 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 44 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 45 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 46 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 47 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 48 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 49 |
| vulnerability |
VCID-yccg-zw89-vqff |
|
| 50 |
| vulnerability |
VCID-zmd3-henq-r7bd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.7.0 |
|
|
| aliases |
CVE-2014-9601, GHSA-h5rf-vgqx-wjv2, PYSEC-2015-16
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qjqr-jyjn-xfh9 |
|
| 40 |
| url |
VCID-rncf-9nf8-wud3 |
| vulnerability_id |
VCID-rncf-9nf8-wud3 |
| summary |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25290 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34335 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34596 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34582 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34621 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.3462 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34591 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34548 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34679 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34653 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.47959 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25290 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
|
| aliases |
BIT-pillow-2021-25290, CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rncf-9nf8-wud3 |
|
| 41 |
| url |
VCID-sns1-ksqr-vbhr |
| vulnerability_id |
VCID-sns1-ksqr-vbhr |
| summary |
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5312 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82494 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.8238 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82394 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82412 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82409 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82437 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82444 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82462 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82458 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82453 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.82489 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0173 |
| scoring_system |
epss |
| scoring_elements |
0.8249 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5312 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://github.com/advisories/GHSA-p49h-hjvm-jg3h |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-p49h-hjvm-jg3h |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 16 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 17 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 18 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 19 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 20 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 21 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 22 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 23 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 24 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 25 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 26 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 27 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 28 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 29 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 30 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 31 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 32 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 33 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 34 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 35 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 36 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
BIT-pillow-2020-5312, CVE-2020-5312, GHSA-p49h-hjvm-jg3h, PYSEC-2020-83
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sns1-ksqr-vbhr |
|
| 42 |
| url |
VCID-stft-hsk9-zfdy |
| vulnerability_id |
VCID-stft-hsk9-zfdy |
| summary |
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5310 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69829 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69848 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69838 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69796 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.6981 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69825 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69802 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69786 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69738 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69761 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69745 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00611 |
| scoring_system |
epss |
| scoring_elements |
0.69734 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-5310 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-vcqg-3p29-xw73 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-vcqg-3p29-xw73 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://usn.ubuntu.com/4272-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4272-1 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.2 |
| purl |
pkg:pypi/pillow@6.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 16 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 17 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 18 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 19 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 20 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 21 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 22 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 23 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 24 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 25 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 26 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 27 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 28 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 29 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 30 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 31 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 32 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 33 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 34 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 35 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 36 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2 |
|
|
| aliases |
BIT-pillow-2020-5310, CVE-2020-5310, GHSA-vcqg-3p29-xw73, PYSEC-2020-81
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-stft-hsk9-zfdy |
|
| 43 |
| url |
VCID-u1en-t8ux-uube |
| vulnerability_id |
VCID-u1en-t8ux-uube |
| summary |
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9190 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68451 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68484 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68496 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.6847 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68453 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68403 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68427 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68407 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68489 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68387 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68502 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00566 |
| scoring_system |
epss |
| scoring_elements |
0.68481 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9190 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
http://www.securityfocus.com/bid/94234 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
http://www.securityfocus.com/bid/94234 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.3.2 |
| purl |
pkg:pypi/pillow@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 11 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 12 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 16 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 17 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 18 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 19 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 20 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 21 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 22 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 23 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 24 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 25 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 26 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 27 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 28 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 29 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 30 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 31 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 32 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 33 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 34 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 35 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 36 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 37 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 38 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 39 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 40 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 41 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 42 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 43 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2 |
|
|
| aliases |
CVE-2016-9190, GHSA-w4vg-rf63-f3j3, PYSEC-2016-9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u1en-t8ux-uube |
|
| 44 |
| url |
VCID-ue18-zzau-x7hy |
| vulnerability_id |
VCID-ue18-zzau-x7hy |
| summary |
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25288 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50231 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.5023 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50186 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50224 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50196 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50203 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50149 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50125 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50198 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50171 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50917 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25288 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 3 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 4 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 5 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 6 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 7 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 8 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 9 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 10 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 11 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 12 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 13 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
BIT-pillow-2021-25288, CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ue18-zzau-x7hy |
|
| 45 |
| url |
VCID-uf5t-asns-tudp |
| vulnerability_id |
VCID-uf5t-asns-tudp |
| summary |
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10994 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62204 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62221 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62214 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62171 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62191 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62202 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62183 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62165 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62148 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62115 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00424 |
| scoring_system |
epss |
| scoring_elements |
0.62056 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10994 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
https://usn.ubuntu.com/4430-1 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-1 |
|
| 23 |
|
| 24 |
| reference_url |
https://usn.ubuntu.com/4430-2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://usn.ubuntu.com/4430-2 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@7.0.0 |
| purl |
pkg:pypi/pillow@7.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 16 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 17 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 18 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 19 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 20 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 21 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 22 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 23 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 24 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 25 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 26 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 27 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 28 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 29 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 30 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 31 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 32 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 33 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 34 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 35 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 36 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.0.0 |
|
| 1 |
| url |
pkg:pypi/pillow@7.1.0 |
| purl |
pkg:pypi/pillow@7.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 11 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 12 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 13 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 14 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 15 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 16 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 17 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 18 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 19 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 20 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 21 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 22 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 23 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 24 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 25 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 26 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 27 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 28 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 29 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 30 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 31 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0 |
|
|
| aliases |
BIT-pillow-2020-10994, CVE-2020-10994, GHSA-vj42-xq3r-hr3r, PYSEC-2020-79
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uf5t-asns-tudp |
|
| 46 |
| url |
VCID-vdzj-kqfy-d3b7 |
| vulnerability_id |
VCID-vdzj-kqfy-d3b7 |
| summary |
libwebp: OOB write in BuildHuffmanTable
Heap buffer overflow in libwebp allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4863 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.93606 |
| scoring_system |
epss |
| scoring_elements |
0.99837 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.93606 |
| scoring_system |
epss |
| scoring_elements |
0.99835 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.93606 |
| scoring_system |
epss |
| scoring_elements |
0.99836 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.94083 |
| scoring_system |
epss |
| scoring_elements |
0.99905 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.94117 |
| scoring_system |
epss |
| scoring_elements |
0.99911 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.94117 |
| scoring_system |
epss |
| scoring_elements |
0.99909 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.94117 |
| scoring_system |
epss |
| scoring_elements |
0.9991 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-4863 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://crbug.com/1479274 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/ |
|
|
| url |
https://crbug.com/1479274 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
|
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
|
| 73 |
|
| 74 |
|
| 75 |
|
| 76 |
|
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
|
| 81 |
|
| 82 |
|
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
|
| 95 |
|
| 96 |
|
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
|
| 104 |
|
| 105 |
|
| 106 |
|
| 107 |
|
| 108 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-4863, GHSA-j7hp-h8jx-5ppr
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vdzj-kqfy-d3b7 |
|
| 47 |
| url |
VCID-vwbu-ruxm-tbh4 |
| vulnerability_id |
VCID-vwbu-ruxm-tbh4 |
| summary |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25291 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67398 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67503 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67524 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67512 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67476 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.6751 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67523 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.675 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67486 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67455 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67434 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25291 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
| 1 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 3 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 4 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 5 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 6 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 7 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 8 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 9 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 10 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 11 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 12 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 13 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
BIT-pillow-2021-25291, CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vwbu-ruxm-tbh4 |
|
| 48 |
| url |
VCID-vxh1-8rvt-kkak |
| vulnerability_id |
VCID-vxh1-8rvt-kkak |
| summary |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25292 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35172 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35208 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35148 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35203 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35173 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35224 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35024 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35252 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35133 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35177 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35186 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.40129 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25292 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-9hx2-hgq2-2g4f |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-9hx2-hgq2-2g4f |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.1 |
| purl |
pkg:pypi/pillow@8.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 14 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 15 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 16 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 17 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 18 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 19 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 20 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 21 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 22 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 23 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1 |
|
|
| aliases |
BIT-pillow-2021-25292, CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vxh1-8rvt-kkak |
|
| 49 |
| url |
VCID-vyzt-df2u-h3cc |
| vulnerability_id |
VCID-vyzt-df2u-h3cc |
| summary |
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28678 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29345 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.2939 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29417 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29397 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29449 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29494 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29453 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29492 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29451 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29388 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29567 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29518 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28678 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-hjfx-8p6c-g7gx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hjfx-8p6c-g7gx |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 3 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 4 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 5 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 6 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 7 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 8 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 9 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 10 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 11 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 12 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 13 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
BIT-pillow-2021-28678, CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vyzt-df2u-h3cc |
|
| 50 |
| url |
VCID-vz9s-jqpb-2ybf |
| vulnerability_id |
VCID-vz9s-jqpb-2ybf |
| summary |
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3589 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00808 |
| scoring_system |
epss |
| scoring_elements |
0.74154 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00808 |
| scoring_system |
epss |
| scoring_elements |
0.7416 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00808 |
| scoring_system |
epss |
| scoring_elements |
0.74187 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.80376 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.80371 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.8037 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.8034 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.80347 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.80361 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.80343 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.80332 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.01389 |
| scoring_system |
epss |
| scoring_elements |
0.80304 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3589 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://pypi.python.org/pypi/Pillow/2.3.2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.python.org/pypi/Pillow/2.3.2 |
|
| 13 |
| reference_url |
https://pypi.python.org/pypi/Pillow/2.5.2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://pypi.python.org/pypi/Pillow/2.5.2 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2014-3589 |
| reference_id |
CVE-2014-3589 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2014-3589 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@2.3.2 |
| purl |
pkg:pypi/pillow@2.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-366h-8f99-r7at |
|
| 3 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 4 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 5 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 6 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 7 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 8 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-avx2-mahw-mqes |
|
| 14 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 15 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 16 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 17 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 18 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 19 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 20 |
| vulnerability |
VCID-dgds-v95g-pbcv |
|
| 21 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 22 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 23 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 24 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 25 |
| vulnerability |
VCID-gmd5-pbxc-a3gd |
|
| 26 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 27 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 28 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 29 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 30 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 31 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 32 |
| vulnerability |
VCID-ma2g-2f8d-dqa9 |
|
| 33 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 34 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 35 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 36 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 37 |
| vulnerability |
VCID-qjqr-jyjn-xfh9 |
|
| 38 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 39 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 40 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 41 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 42 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 43 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 44 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 45 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 46 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 47 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 48 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 49 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 50 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 51 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 52 |
| vulnerability |
VCID-zmd3-henq-r7bd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.2 |
|
| 1 |
| url |
pkg:pypi/pillow@2.5.2 |
| purl |
pkg:pypi/pillow@2.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-366h-8f99-r7at |
|
| 3 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 4 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 5 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 6 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 7 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 8 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-avx2-mahw-mqes |
|
| 14 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 15 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 16 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 17 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 18 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 19 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 20 |
| vulnerability |
VCID-dgds-v95g-pbcv |
|
| 21 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 22 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 23 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 24 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 25 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 26 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 27 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 28 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 29 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 30 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 31 |
| vulnerability |
VCID-ma2g-2f8d-dqa9 |
|
| 32 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 33 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 34 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 35 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 36 |
| vulnerability |
VCID-qjqr-jyjn-xfh9 |
|
| 37 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 38 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 39 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 40 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 41 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 42 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 43 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 44 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 45 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 46 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 47 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 48 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 49 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 50 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 51 |
| vulnerability |
VCID-yccg-zw89-vqff |
|
| 52 |
| vulnerability |
VCID-zmd3-henq-r7bd |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.2 |
|
|
| aliases |
CVE-2014-3589, GHSA-cfmr-38g9-f2h7, PYSEC-2014-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vz9s-jqpb-2ybf |
|
| 51 |
| url |
VCID-w9uy-fnpm-cbak |
| vulnerability_id |
VCID-w9uy-fnpm-cbak |
| summary |
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-34552 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56536 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56566 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56532 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56551 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56575 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56565 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.5656 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.5651 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.5653 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.56508 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00337 |
| scoring_system |
epss |
| scoring_elements |
0.5641 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-34552 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-7534-mm45-c74v |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-7534-mm45-c74v |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.3.0 |
| purl |
pkg:pypi/pillow@8.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 3 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 4 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 5 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 6 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 7 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 8 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 9 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 10 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 11 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 12 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.0 |
|
|
| aliases |
BIT-pillow-2021-34552, CVE-2021-34552, GHSA-7534-mm45-c74v, PYSEC-2021-331
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9uy-fnpm-cbak |
|
| 52 |
| url |
VCID-x15z-dejc-9ba6 |
| vulnerability_id |
VCID-x15z-dejc-9ba6 |
| summary |
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35653 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52536 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52668 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52684 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52676 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52639 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52654 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52671 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.5262 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52626 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52575 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52608 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00293 |
| scoring_system |
epss |
| scoring_elements |
0.52581 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35653 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
|
| 1 |
| value |
8.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.1.0 |
| purl |
pkg:pypi/pillow@8.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 8 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 9 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 10 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 11 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 12 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 13 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 14 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 15 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 16 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 17 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 18 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 19 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 20 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 21 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 22 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 23 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 24 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 25 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 26 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 27 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 28 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0 |
|
|
| aliases |
BIT-pillow-2020-35653, CVE-2020-35653, GHSA-f5g8-5qq7-938w, PYSEC-2021-69
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x15z-dejc-9ba6 |
|
| 53 |
| url |
VCID-xesd-d294-7fcx |
| vulnerability_id |
VCID-xesd-d294-7fcx |
| summary |
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28676 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58516 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58665 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.5866 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58627 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58647 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58666 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58648 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58642 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.5859 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58621 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.586 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59261 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28676 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@8.2.0 |
| purl |
pkg:pypi/pillow@8.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 3 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 4 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 5 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 6 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 7 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 8 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 9 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 10 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 11 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 12 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 13 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0 |
|
|
| aliases |
BIT-pillow-2021-28676, CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xesd-d294-7fcx |
|
| 54 |
| url |
VCID-xk66-1d31-2qbk |
| vulnerability_id |
VCID-xk66-1d31-2qbk |
| summary |
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@6.2.0 |
| purl |
pkg:pypi/pillow@6.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-7bjx-gkf7-cke9 |
|
| 9 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 10 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 11 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 12 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 13 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 14 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 15 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 16 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 17 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 18 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 19 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 20 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 21 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 22 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 23 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 24 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 25 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 26 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 27 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 28 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 29 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 30 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 31 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 32 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 33 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 34 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 35 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 36 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 37 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 38 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 39 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 40 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 41 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 42 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0 |
|
|
| aliases |
PYSEC-2019-40
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xk66-1d31-2qbk |
|
| 55 |
| url |
VCID-zmd3-henq-r7bd |
| vulnerability_id |
VCID-zmd3-henq-r7bd |
| summary |
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2533 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.8433 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84411 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84394 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84388 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84366 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84364 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84344 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84426 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84424 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84401 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.02195 |
| scoring_system |
epss |
| scoring_elements |
0.84405 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2533 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2533 |
| reference_id |
CVE-2016-2533 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 4 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2016-2533 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/pillow@3.1.1 |
| purl |
pkg:pypi/pillow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-19e1-19hk-duet |
|
| 1 |
| vulnerability |
VCID-1vt7-c6e3-7qc8 |
|
| 2 |
| vulnerability |
VCID-3qb5-8p8w-gkad |
|
| 3 |
| vulnerability |
VCID-3uk9-eds5-rkgc |
|
| 4 |
| vulnerability |
VCID-53ac-ceq4-qkhf |
|
| 5 |
| vulnerability |
VCID-5rv4-k1q9-zue2 |
|
| 6 |
| vulnerability |
VCID-64n5-pugj-vue8 |
|
| 7 |
| vulnerability |
VCID-6gyu-fzpg-c3bn |
|
| 8 |
| vulnerability |
VCID-8n2b-wvya-53e1 |
|
| 9 |
| vulnerability |
VCID-9ckw-ra54-z3b7 |
|
| 10 |
| vulnerability |
VCID-and9-6jty-pyeq |
|
| 11 |
| vulnerability |
VCID-aubw-tsmn-ffcq |
|
| 12 |
| vulnerability |
VCID-b3au-rcgp-2fag |
|
| 13 |
| vulnerability |
VCID-b5a2-83ej-puaw |
|
| 14 |
| vulnerability |
VCID-brp2-dtrf-jyfr |
|
| 15 |
| vulnerability |
VCID-cas2-jb3y-vyhz |
|
| 16 |
| vulnerability |
VCID-d7uf-zdbv-sba1 |
|
| 17 |
| vulnerability |
VCID-df4x-jt3h-17hx |
|
| 18 |
| vulnerability |
VCID-dpc3-td9q-dyee |
|
| 19 |
| vulnerability |
VCID-e3gp-zc2b-budg |
|
| 20 |
| vulnerability |
VCID-en6t-uxtq-bfek |
|
| 21 |
| vulnerability |
VCID-g46h-p8jk-cuhc |
|
| 22 |
| vulnerability |
VCID-gvjw-funa-sqak |
|
| 23 |
| vulnerability |
VCID-h4x7-7fke-mqgp |
|
| 24 |
| vulnerability |
VCID-haum-8zpg-6kgf |
|
| 25 |
| vulnerability |
VCID-hmmq-5772-bycm |
|
| 26 |
| vulnerability |
VCID-khp6-9hfx-1kge |
|
| 27 |
| vulnerability |
VCID-m3tm-h4q9-9yay |
|
| 28 |
| vulnerability |
VCID-n1hp-atex-ubh4 |
|
| 29 |
| vulnerability |
VCID-n1w5-f5p7-xuhb |
|
| 30 |
| vulnerability |
VCID-p6r3-puh1-zyg6 |
|
| 31 |
| vulnerability |
VCID-q4bb-qnxe-8bfa |
|
| 32 |
| vulnerability |
VCID-rncf-9nf8-wud3 |
|
| 33 |
| vulnerability |
VCID-sns1-ksqr-vbhr |
|
| 34 |
| vulnerability |
VCID-stft-hsk9-zfdy |
|
| 35 |
| vulnerability |
VCID-u1en-t8ux-uube |
|
| 36 |
| vulnerability |
VCID-ue18-zzau-x7hy |
|
| 37 |
| vulnerability |
VCID-uf5t-asns-tudp |
|
| 38 |
| vulnerability |
VCID-vdzj-kqfy-d3b7 |
|
| 39 |
| vulnerability |
VCID-vwbu-ruxm-tbh4 |
|
| 40 |
| vulnerability |
VCID-vxh1-8rvt-kkak |
|
| 41 |
| vulnerability |
VCID-vyzt-df2u-h3cc |
|
| 42 |
| vulnerability |
VCID-w9uy-fnpm-cbak |
|
| 43 |
| vulnerability |
VCID-x15z-dejc-9ba6 |
|
| 44 |
| vulnerability |
VCID-xesd-d294-7fcx |
|
| 45 |
| vulnerability |
VCID-xk66-1d31-2qbk |
|
| 46 |
| vulnerability |
VCID-yccg-zw89-vqff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1 |
|
|
| aliases |
CVE-2016-2533, GHSA-3c5c-7235-994j, PYSEC-2016-19
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zmd3-henq-r7bd |
|