Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pillow@12.1.1

Type pypi

Namespace

Name pillow

Version 12.1.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 12.2.0

Latest_non_vulnerable_version 12.2.0

Affected_by_vulnerabilities

url VCID-9x88-j4j1-kfe8

vulnerability_id VCID-9x88-j4j1-kfe8

summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42308

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03149
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42308

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/

url

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42308

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42308

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468457
reference_id	2468457
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468457

reference_url

https://github.com/advisories/GHSA-wjx4-4jcj-g98j

reference_id

GHSA-wjx4-4jcj-g98j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wjx4-4jcj-g98j

fixed_packages

url	pkg:pypi/pillow@12.2.0
purl	pkg:pypi/pillow@12.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0

aliases BIT-pillow-2026-42308, CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9x88-j4j1-kfe8

url VCID-bnps-2xy8-x3gt

vulnerability_id VCID-bnps-2xy8-x3gt

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40192.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40192.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40192

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04904
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40192

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/

url

https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628

reference_url

https://github.com/python-pillow/Pillow/pull/9521

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/

url

https://github.com/python-pillow/Pillow/pull/9521

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40192

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40192

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/

url

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134198
reference_id	1134198
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134198

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2458856
reference_id	2458856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2458856

reference_url

https://github.com/advisories/GHSA-whj4-6x5x-4v2j

reference_id

GHSA-whj4-6x5x-4v2j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-whj4-6x5x-4v2j

reference_url	https://access.redhat.com/errata/RHSA-2026:16008
reference_id	RHSA-2026:16008
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16008

reference_url	https://access.redhat.com/errata/RHSA-2026:16009
reference_id	RHSA-2026:16009
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16009

reference_url	https://access.redhat.com/errata/RHSA-2026:16030
reference_id	RHSA-2026:16030
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16030

reference_url	https://access.redhat.com/errata/RHSA-2026:16174
reference_id	RHSA-2026:16174
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16174

reference_url	https://access.redhat.com/errata/RHSA-2026:17609
reference_id	RHSA-2026:17609
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17609

reference_url	https://access.redhat.com/errata/RHSA-2026:17611
reference_id	RHSA-2026:17611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:17611

reference_url	https://access.redhat.com/errata/RHSA-2026:19375
reference_id	RHSA-2026:19375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19375

reference_url	https://access.redhat.com/errata/RHSA-2026:19712
reference_id	RHSA-2026:19712
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19712

reference_url	https://access.redhat.com/errata/RHSA-2026:21017
reference_id	RHSA-2026:21017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21017

reference_url	https://usn.ubuntu.com/8211-1/
reference_id	USN-8211-1
reference_type
scores
url	https://usn.ubuntu.com/8211-1/

fixed_packages

url	pkg:pypi/pillow@12.2.0
purl	pkg:pypi/pillow@12.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0

aliases CVE-2026-40192, GHSA-whj4-6x5x-4v2j

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnps-2xy8-x3gt

Fixing_vulnerabilities

url VCID-v5xc-5ttc-bqff

vulnerability_id VCID-v5xc-5ttc-bqff

summary

Pillow affected by out-of-bounds write when loading PSD images
An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25990.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25990.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25990

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02957
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25990

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199

reference_url

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-11T21:21:01Z/

url

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa

reference_url

https://github.com/python-pillow/Pillow/pull/9427

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/9427

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127925
reference_id	1127925
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127925

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2439170
reference_id	2439170
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2439170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25990

reference_id

CVE-2026-25990

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25990

reference_url

https://github.com/advisories/GHSA-cfh3-3jmp-rvhc

reference_id

GHSA-cfh3-3jmp-rvhc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cfh3-3jmp-rvhc

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc

reference_id

GHSA-cfh3-3jmp-rvhc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-11T21:21:01Z/

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc

reference_url	https://access.redhat.com/errata/RHSA-2026:10184
reference_id	RHSA-2026:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10184

reference_url	https://access.redhat.com/errata/RHSA-2026:14873
reference_id	RHSA-2026:14873
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14873

reference_url	https://access.redhat.com/errata/RHSA-2026:14874
reference_id	RHSA-2026:14874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:14874

reference_url	https://access.redhat.com/errata/RHSA-2026:16174
reference_id	RHSA-2026:16174
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16174

reference_url	https://access.redhat.com/errata/RHSA-2026:19712
reference_id	RHSA-2026:19712
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19712

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://access.redhat.com/errata/RHSA-2026:4128
reference_id	RHSA-2026:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4128

reference_url	https://access.redhat.com/errata/RHSA-2026:4942
reference_id	RHSA-2026:4942
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4942

reference_url	https://access.redhat.com/errata/RHSA-2026:5168
reference_id	RHSA-2026:5168
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5168

reference_url	https://access.redhat.com/errata/RHSA-2026:5665
reference_id	RHSA-2026:5665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5665

reference_url	https://access.redhat.com/errata/RHSA-2026:6277
reference_id	RHSA-2026:6277
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6277

reference_url	https://access.redhat.com/errata/RHSA-2026:6278
reference_id	RHSA-2026:6278
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6278

reference_url	https://access.redhat.com/errata/RHSA-2026:6308
reference_id	RHSA-2026:6308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6308

reference_url	https://access.redhat.com/errata/RHSA-2026:6309
reference_id	RHSA-2026:6309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6309

reference_url	https://access.redhat.com/errata/RHSA-2026:6404
reference_id	RHSA-2026:6404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6404

reference_url	https://access.redhat.com/errata/RHSA-2026:6497
reference_id	RHSA-2026:6497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6497

reference_url	https://access.redhat.com/errata/RHSA-2026:6567
reference_id	RHSA-2026:6567
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6567

reference_url	https://access.redhat.com/errata/RHSA-2026:6568
reference_id	RHSA-2026:6568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6568

reference_url	https://usn.ubuntu.com/8047-1/
reference_id	USN-8047-1
reference_type
scores
url	https://usn.ubuntu.com/8047-1/

fixed_packages

url pkg:pypi/pillow@12.1.1

purl pkg:pypi/pillow@12.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9x88-j4j1-kfe8

vulnerability	VCID-bnps-2xy8-x3gt

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.1.1

aliases CVE-2026-25990, GHSA-cfh3-3jmp-rvhc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5xc-5ttc-bqff

Risk_score 2.8

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.1.1

Package Instance