Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pillow@11.1.0
Typepypi
Namespace
Namepillow
Version11.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.2.0
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-9x88-j4j1-kfe8
vulnerability_id VCID-9x88-j4j1-kfe8
summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42308
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03149
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42308
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/
url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
5
reference_url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/
url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42308
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42308
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2468457
reference_id 2468457
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2468457
8
reference_url https://github.com/advisories/GHSA-wjx4-4jcj-g98j
reference_id GHSA-wjx4-4jcj-g98j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjx4-4jcj-g98j
fixed_packages
0
url pkg:pypi/pillow@12.2.0
purl pkg:pypi/pillow@12.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0
aliases BIT-pillow-2026-42308, CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165
risk_score 2.8
exploitability 0.5
weighted_severity 5.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9x88-j4j1-kfe8
Fixing_vulnerabilities
Risk_score2.8
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pillow@11.1.0