Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/64754?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/64754?format=api", "purl": "pkg:pypi/pillow@8.2.0", "type": "pypi", "namespace": "", "name": "pillow", "version": "8.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "12.2.0", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11580?format=api", "vulnerability_id": "VCID-1v7q-fxc9-9yb8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02197", "scoring_system": "epss", "scoring_elements": "0.84833", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02197", "scoring_system": "epss", "scoring_elements": "0.84772", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02197", "scoring_system": "epss", "scoring_elements": "0.84824", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02197", "scoring_system": "epss", "scoring_elements": "0.84825", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/3450", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/3450" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/6010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/6010" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052682", "reference_id": "2052682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052682" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24303", "reference_id": "CVE-2022-24303", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24303" }, { "reference_url": "https://github.com/advisories/GHSA-9j59-75qj-795w", "reference_id": "GHSA-9j59-75qj-795w", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9j59-75qj-795w" }, { "reference_url": "https://usn.ubuntu.com/5777-1/", "reference_id": "USN-5777-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5777-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5777-2/", "reference_id": "USN-USN-5777-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5777-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18646?format=api", "purl": "pkg:pypi/pillow@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1" } ], "aliases": [ "BIT-pillow-2022-24303", "CVE-2022-24303", "GHSA-9j59-75qj-795w", "GMS-2022-348", "PYSEC-2022-168" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v7q-fxc9-9yb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28659?format=api", "vulnerability_id": "VCID-2uxp-k5y1-ffg2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04294", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04292", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04306", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42308" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2026-165.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2026-165.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42308", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42308" }, { "reference_url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0", "reference_id": "12.2.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/" } ], "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468457", "reference_id": "2468457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468457" }, { "reference_url": "https://github.com/advisories/GHSA-wjx4-4jcj-g98j", "reference_id": "GHSA-wjx4-4jcj-g98j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wjx4-4jcj-g98j" }, { "reference_url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j", "reference_id": "GHSA-wjx4-4jcj-g98j", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/" } ], "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j" }, { "reference_url": "https://usn.ubuntu.com/8399-1/", "reference_id": "USN-8399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92845?format=api", "purl": "pkg:pypi/pillow@12.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0" } ], "aliases": [ "BIT-pillow-2026-42308", "CVE-2026-42308", "GHSA-wjx4-4jcj-g98j", "PYSEC-2026-165" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uxp-k5y1-ffg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11448?format=api", "vulnerability_id": "VCID-3sds-6wh7-b7ah", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02781", "scoring_system": "epss", "scoring_elements": "0.86445", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02781", "scoring_system": "epss", "scoring_elements": "0.86447", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02781", "scoring_system": "epss", "scoring_elements": "0.86386", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02781", "scoring_system": "epss", "scoring_elements": "0.86437", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22817" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11" }, { "reference_url": "https://security.gentoo.org/glsa/202211-10", "reference_id": "202211-10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/" } ], "url": "https://security.gentoo.org/glsa/202211-10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042527", "reference_id": "2042527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042527" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval", "reference_id": "9.0.0.html#restrict-builtins-available-to-imagemath-eval", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security", "reference_id": "9.0.1.html#security", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22817", "reference_id": "CVE-2022-22817", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22817" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5053", "reference_id": "dsa-5053", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5053" }, { "reference_url": "https://github.com/advisories/GHSA-8vj2-vxx3-667w", "reference_id": "GHSA-8vj2-vxx3-667w", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8vj2-vxx3-667w" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0609", "reference_id": "RHSA-2022:0609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0609" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0643", "reference_id": "RHSA-2022:0643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0665", "reference_id": "RHSA-2022:0665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0667", "reference_id": "RHSA-2022:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0669", "reference_id": "RHSA-2022:0669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0669" }, { "reference_url": "https://usn.ubuntu.com/5227-1/", "reference_id": "USN-5227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-1/" }, { "reference_url": "https://usn.ubuntu.com/5227-2/", "reference_id": "USN-5227-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-2/" }, { "reference_url": "https://usn.ubuntu.com/5227-3/", "reference_id": "USN-5227-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18647?format=api", "purl": "pkg:pypi/pillow@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/18646?format=api", "purl": "pkg:pypi/pillow@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1" } ], "aliases": [ "BIT-pillow-2022-22817", "CVE-2022-22817", "GHSA-8vj2-vxx3-667w", "PYSEC-2022-10" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sds-6wh7-b7ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360832?format=api", "vulnerability_id": "VCID-8ba1-6ady-t3bu", "summary": "Duplicate Advisory: Bundled libwebp in Pillow vulnerable\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-56pw-mpj4-fxww. This link is maintained to preserve external references.\n\n## Original Description\nPillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.", "references": [ { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", "reference_id": "CVE-2023-4863", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863" }, { "reference_url": "https://github.com/advisories/GHSA-56pw-mpj4-fxww", "reference_id": "GHSA-56pw-mpj4-fxww", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-56pw-mpj4-fxww" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78312?format=api", "purl": "pkg:pypi/pillow@10.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-tegz-zqnk-63cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1" } ], "aliases": [ "GHSA-56pw-mpj4-fxww", "GMS-2023-3137" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ba1-6ady-t3bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9664?format=api", "vulnerability_id": "VCID-8dt4-cmd4-pubh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34552", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.57005", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.57013", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56879", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56999", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34552" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7534-mm45-c74v", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7534-mm45-c74v" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5567", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5567" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34552", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34552" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982378", "reference_id": "1982378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991293", "reference_id": "991293", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991293" }, { "reference_url": "https://security.archlinux.org/ASA-202107-26", "reference_id": "ASA-202107-26", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-26" }, { "reference_url": "https://security.archlinux.org/AVG-2150", "reference_id": "AVG-2150", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3917", "reference_id": "RHSA-2021:3917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4149", "reference_id": "RHSA-2021:4149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4149" }, { "reference_url": "https://usn.ubuntu.com/5227-1/", "reference_id": "USN-5227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-1/" }, { "reference_url": "https://usn.ubuntu.com/5227-2/", "reference_id": "USN-5227-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65423?format=api", "purl": "pkg:pypi/pillow@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.0" } ], "aliases": [ "BIT-pillow-2021-34552", "CVE-2021-34552", "GHSA-7534-mm45-c74v", "PYSEC-2021-331" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dt4-cmd4-pubh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208400?format=api", "vulnerability_id": "VCID-97zh-3c1e-r7bj", "summary": "Infinite loop in Pillow", "references": [ { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file" }, { "reference_url": "https://github.com/advisories/GHSA-4fx9-vc88-q2xc", "reference_id": "GHSA-4fx9-vc88-q2xc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4fx9-vc88-q2xc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18647?format=api", "purl": "pkg:pypi/pillow@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0" } ], "aliases": [ "GHSA-4fx9-vc88-q2xc", "GMS-2022-347" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97zh-3c1e-r7bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18960?format=api", "vulnerability_id": "VCID-dgk5-xebs-8ka4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58147", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58265", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58276", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58261", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security", "reference_id": "10.3.0.html#security", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272563", "reference_id": "2272563", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272563" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/", "reference_id": "4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28219", "reference_id": "CVE-2024-28219", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28219" }, { "reference_url": "https://github.com/advisories/GHSA-44wm-f244-xhp3", "reference_id": "GHSA-44wm-f244-xhp3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-44wm-f244-xhp3" }, { "reference_url": "https://security.gentoo.org/glsa/202411-07", "reference_id": "GLSA-202411-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202411-07" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html", "reference_id": "msg00008.html", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R" }, { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3781", "reference_id": "RHSA-2024:3781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4227", "reference_id": "RHSA-2024:4227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5662", "reference_id": "RHSA-2024:5662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5662" }, { "reference_url": "https://usn.ubuntu.com/6744-1/", "reference_id": "USN-6744-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6744-1/" }, { "reference_url": "https://usn.ubuntu.com/6744-2/", "reference_id": "USN-6744-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6744-2/" }, { "reference_url": "https://usn.ubuntu.com/6744-3/", "reference_id": "USN-6744-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6744-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30132?format=api", "purl": "pkg:pypi/pillow@10.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-55d8-a8bp-m7hp" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-q5qz-c2bu-d3cn" }, { "vulnerability": "VCID-u313-1va2-tubg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.3.0" } ], "aliases": [ "CVE-2024-28219", "GHSA-44wm-f244-xhp3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgk5-xebs-8ka4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28661?format=api", "vulnerability_id": "VCID-e4kb-5eye-v3bf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42310.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02696", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0269", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02701", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42310" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42310", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42310" }, { "reference_url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0", "reference_id": "12.2.0", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:33:37Z/" } ], "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468461", "reference_id": "2468461", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468461" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/3bf614e4b8615d0ce1d5039efaf6db447fe7c468", "reference_id": "3bf614e4b8615d0ce1d5039efaf6db447fe7c468", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:33:37Z/" } ], "url": "https://github.com/python-pillow/Pillow/commit/3bf614e4b8615d0ce1d5039efaf6db447fe7c468" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/9519", "reference_id": "9519", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:33:37Z/" } ], "url": "https://github.com/python-pillow/Pillow/pull/9519" }, { "reference_url": "https://github.com/advisories/GHSA-r73j-pqj5-w3x7", "reference_id": "GHSA-r73j-pqj5-w3x7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r73j-pqj5-w3x7" }, { "reference_url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7", "reference_id": "GHSA-r73j-pqj5-w3x7", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:33:37Z/" } ], "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16008", "reference_id": "RHSA-2026:16008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16009", "reference_id": "RHSA-2026:16009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16030", "reference_id": "RHSA-2026:16030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16030" }, { "reference_url": "https://usn.ubuntu.com/8399-1/", "reference_id": "USN-8399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92845?format=api", "purl": "pkg:pypi/pillow@12.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0" } ], "aliases": [ "CVE-2026-42310", "GHSA-r73j-pqj5-w3x7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4kb-5eye-v3bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218341?format=api", "vulnerability_id": "VCID-ewzb-us31-dbha", "summary": "Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.", "references": [ { "reference_url": "https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5129" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78312?format=api", "purl": "pkg:pypi/pillow@10.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-tegz-zqnk-63cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1" } ], "aliases": [ "PYSEC-2023-175" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewzb-us31-dbha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9121?format=api", "vulnerability_id": "VCID-g84r-5413-jfdx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45694", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4568", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45538", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45685", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-98vv-pw6r-q6q4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98vv-pw6r-q6q4" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23437", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23437" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html" }, { "reference_url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001907", "reference_id": "2001907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001907" }, { "reference_url": "https://security.archlinux.org/AVG-2366", "reference_id": "AVG-2366", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2366" }, { "reference_url": "https://usn.ubuntu.com/5227-1/", "reference_id": "USN-5227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-1/" }, { "reference_url": "https://usn.ubuntu.com/5227-2/", "reference_id": "USN-5227-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66124?format=api", "purl": "pkg:pypi/pillow@8.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2" } ], "aliases": [ "BIT-pillow-2021-23437", "CVE-2021-23437", "GHSA-98vv-pw6r-q6q4", "PYSEC-2021-317", "SNYK-PYTHON-PILLOW-1319443" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g84r-5413-jfdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16073?format=api", "vulnerability_id": "VCID-jw6f-farc-7bhq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json" }, { "reference_url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93301", "scoring_system": "epss", "scoring_elements": "0.99817", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.93301", "scoring_system": "epss", "scoring_elements": "0.99818", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4863" }, { "reference_url": "https://blog.isosceles.com/the-webp-0day", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.isosceles.com/the-webp-0day" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863" }, { "reference_url": "https://en.bandisoft.com/honeyview/history", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://en.bandisoft.com/honeyview/history" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0" }, { "reference_url": "https://github.com/electron/electron/pull/39823", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39823" }, { "reference_url": "https://github.com/electron/electron/pull/39825", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39825" }, { "reference_url": "https://github.com/electron/electron/pull/39826", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39826" }, { "reference_url": "https://github.com/electron/electron/pull/39827", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39827" }, { "reference_url": "https://github.com/electron/electron/pull/39828", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39828" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/discussions/6664", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/discussions/6664" }, { "reference_url": "https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc" }, { "reference_url": "https://github.com/jaredforth/webp/pull/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jaredforth/webp/pull/30" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/7395", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/7395" }, { "reference_url": "https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b" }, { "reference_url": "https://github.com/qnighy/libwebp-sys2-rs/pull/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qnighy/libwebp-sys2-rs/pull/21" }, { "reference_url": "https://github.com/webmproject/libwebp", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/webmproject/libwebp" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0060.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0060.html" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0061.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230929-0011", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230929-0011" }, { "reference_url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863" }, { "reference_url": "https://www.bentley.com/advisories/be-2023-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bentley.com/advisories/be-2023-0001" }, { "reference_url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/26/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787", "reference_id": "1051787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787" }, { "reference_url": "https://crbug.com/1479274", "reference_id": "1479274", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://crbug.com/1479274" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2" }, { "reference_url": "https://security.gentoo.org/glsa/202309-05", "reference_id": "202309-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://security.gentoo.org/glsa/202309-05" }, { "reference_url": "https://security.gentoo.org/glsa/202401-10", "reference_id": "202401-10", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://security.gentoo.org/glsa/202401-10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", "reference_id": "2238431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/21/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "reference_id": "6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/26/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/8", "reference_id": "8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8" }, { "reference_url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", "reference_id": "902bc9190331343b2017211debcec8d2ab87e17a", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a" }, { "reference_url": "https://www.bentley.com/advisories/be-2023-0001/", "reference_id": "be-2023-0001", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.bentley.com/advisories/be-2023-0001/" }, { "reference_url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", "reference_id": "critical-vulnerability-in-webp-codec-cve-2023-4863", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", "reference_id": "CVE-2023-4863", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", "reference_id": "CVE-2023-4863", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-4863", "reference_id": "CVE-2023-4863", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5496", "reference_id": "dsa-5496", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5496" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5497", "reference_id": "dsa-5497", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5497" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5498", "reference_id": "dsa-5498", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5498" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", "reference_id": "FYYKLG6CRGEDTNRBSU26EEWAO6D6U645", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/" }, { "reference_url": "https://github.com/advisories/GHSA-j7hp-h8jx-5ppr", "reference_id": "GHSA-j7hp-h8jx-5ppr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j7hp-h8jx-5ppr" }, { "reference_url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", "reference_id": "google-fixes-another-chrome-zero-day-bug-exploited-in-attacks", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/" }, { "reference_url": "https://en.bandisoft.com/honeyview/history/", "reference_id": "history", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://en.bandisoft.com/honeyview/history/" }, { "reference_url": "https://news.ycombinator.com/item?id=37478403", "reference_id": "item?id=37478403", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://news.ycombinator.com/item?id=37478403" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "reference_id": "KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", "reference_id": "mfsa2023-40", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230929-0011/", "reference_id": "ntap-20230929-0011", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230929-0011/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", "reference_id": "OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", "reference_id": "PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5183", "reference_id": "RHSA-2023:5183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5184", "reference_id": "RHSA-2023:5184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5185", "reference_id": "RHSA-2023:5185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5186", "reference_id": "RHSA-2023:5186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5187", "reference_id": "RHSA-2023:5187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5188", "reference_id": "RHSA-2023:5188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5189", "reference_id": "RHSA-2023:5189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5190", "reference_id": "RHSA-2023:5190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5191", "reference_id": "RHSA-2023:5191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5192", "reference_id": "RHSA-2023:5192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5197", "reference_id": "RHSA-2023:5197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5198", "reference_id": "RHSA-2023:5198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5200", "reference_id": "RHSA-2023:5200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5201", "reference_id": "RHSA-2023:5201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5202", "reference_id": "RHSA-2023:5202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5204", "reference_id": "RHSA-2023:5204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5205", "reference_id": "RHSA-2023:5205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5214", "reference_id": "RHSA-2023:5214", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5214" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5222", "reference_id": "RHSA-2023:5222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5223", "reference_id": "RHSA-2023:5223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5224", "reference_id": "RHSA-2023:5224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5236", "reference_id": "RHSA-2023:5236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5309", "reference_id": "RHSA-2023:5309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5309" }, { "reference_url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", "reference_id": "security-developer-in-residence-weekly-report-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231", "reference_id": "show_bug.cgi?id=1215231", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231" }, { "reference_url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", "reference_id": "stable-channel-update-for-desktop_11.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html" }, { "reference_url": "https://blog.isosceles.com/the-webp-0day/", "reference_id": "the-webp-0day", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://blog.isosceles.com/the-webp-0day/" }, { "reference_url": "https://usn.ubuntu.com/6367-1/", "reference_id": "USN-6367-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6367-1/" }, { "reference_url": "https://usn.ubuntu.com/6368-1/", "reference_id": "USN-6368-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6368-1/" }, { "reference_url": "https://usn.ubuntu.com/6369-1/", "reference_id": "USN-6369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6369-1/" }, { "reference_url": "https://usn.ubuntu.com/6369-2/", "reference_id": "USN-6369-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6369-2/" }, { "reference_url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", "reference_id": "v1.3.2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", "reference_id": "WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/" }, { "reference_url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", "reference_id": "whose-cve-is-it-anyway", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "reference_id": "WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78312?format=api", "purl": "pkg:pypi/pillow@10.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-tegz-zqnk-63cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1" } ], "aliases": [ "CVE-2023-4863", "GHSA-j7hp-h8jx-5ppr" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jw6f-farc-7bhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11447?format=api", "vulnerability_id": "VCID-kc7d-ufbg-8yd2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22816", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33627", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33623", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33446", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33649", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5920", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5920" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042522", "reference_id": "2042522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042522" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22816", "reference_id": "CVE-2022-22816", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22816" }, { "reference_url": "https://github.com/advisories/GHSA-xrcv-f9gm-v42c", "reference_id": "GHSA-xrcv-f9gm-v42c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrcv-f9gm-v42c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0609", "reference_id": "RHSA-2022:0609", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0609" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0643", "reference_id": "RHSA-2022:0643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0665", "reference_id": "RHSA-2022:0665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0667", "reference_id": "RHSA-2022:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0669", "reference_id": "RHSA-2022:0669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0669" }, { "reference_url": "https://usn.ubuntu.com/5227-1/", "reference_id": "USN-5227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-1/" }, { "reference_url": "https://usn.ubuntu.com/5227-2/", "reference_id": "USN-5227-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18647?format=api", "purl": "pkg:pypi/pillow@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0" } ], "aliases": [ "BIT-pillow-2022-22816", "CVE-2022-22816", "GHSA-xrcv-f9gm-v42c", "PYSEC-2022-9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kc7d-ufbg-8yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16132?format=api", "vulnerability_id": "VCID-tegz-zqnk-63cj", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73672", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73762", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73763", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73747", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219" }, { "reference_url": "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447" }, { "reference_url": "https://duartecsantos.github.io/2024-01-02-CVE-2023-50447", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://duartecsantos.github.io/2024-01-02-CVE-2023-50447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/20/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/20/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172", "reference_id": "1061172", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172" }, { "reference_url": "https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/", "reference_id": "2024-01-02-CVE-2023-50447", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/" } ], "url": "https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259479", "reference_id": "2259479", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259479" }, { "reference_url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447", "reference_id": "CVE-2023-50447", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447" }, { "reference_url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/", "reference_id": "CVE-2023-50447", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/" } ], "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50447", "reference_id": "CVE-2023-50447", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50447" }, { "reference_url": "https://github.com/advisories/GHSA-3f63-hfp8-52jq", "reference_id": "GHSA-3f63-hfp8-52jq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3f63-hfp8-52jq" }, { "reference_url": "https://security.gentoo.org/glsa/202405-12", "reference_id": "GLSA-202405-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-12" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html", "reference_id": "msg00019.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html" }, { "reference_url": "https://github.com/python-pillow/Pillow/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/" } ], "url": "https://github.com/python-pillow/Pillow/releases" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0754", "reference_id": "RHSA-2024:0754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0857", "reference_id": "RHSA-2024:0857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0893", "reference_id": "RHSA-2024:0893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1058", "reference_id": "RHSA-2024:1058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1059", "reference_id": "RHSA-2024:1059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1060", "reference_id": "RHSA-2024:1060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3781", "reference_id": "RHSA-2024:3781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3781" }, { "reference_url": "https://usn.ubuntu.com/6618-1/", "reference_id": "USN-6618-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6618-1/" }, { "reference_url": "https://usn.ubuntu.com/8135-1/", "reference_id": "USN-8135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8135-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28466?format=api", "purl": "pkg:pypi/pillow@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.2.0" } ], "aliases": [ "CVE-2023-50447", "GHSA-3f63-hfp8-52jq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tegz-zqnk-63cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11446?format=api", "vulnerability_id": "VCID-ujay-jc8b-g3bx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26552", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26551", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26349", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26566", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331" }, { "reference_url": "https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5920", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5920" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042511", "reference_id": "2042511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042511" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22815", "reference_id": "CVE-2022-22815", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22815" }, { "reference_url": "https://github.com/advisories/GHSA-pw3c-h7wp-cvhx", "reference_id": "GHSA-pw3c-h7wp-cvhx", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pw3c-h7wp-cvhx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0643", "reference_id": "RHSA-2022:0643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0643" }, { "reference_url": "https://usn.ubuntu.com/5227-1/", "reference_id": "USN-5227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-1/" }, { "reference_url": "https://usn.ubuntu.com/5227-2/", "reference_id": "USN-5227-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5227-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18647?format=api", "purl": "pkg:pypi/pillow@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0" } ], "aliases": [ "BIT-pillow-2022-22815", "CVE-2022-22815", "GHSA-pw3c-h7wp-cvhx", "PYSEC-2022-8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujay-jc8b-g3bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12590?format=api", "vulnerability_id": "VCID-w8tu-h2gw-due5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56733", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56609", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56744", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56729", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45198" }, { "reference_url": "https://bugs.gentoo.org/855683", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.gentoo.org/855683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198" }, { "reference_url": "https://cwe.mitre.org/data/definitions/409.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwe.mitre.org/data/definitions/409.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/6402", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/6402" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea" }, { "reference_url": "https://github.com/python-pillow/Pillow/releases/tag/9.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/releases/tag/9.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45198", "reference_id": "CVE-2022-45198", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45198" }, { "reference_url": "https://github.com/advisories/GHSA-m2vv-5vj5-2hm7", "reference_id": "GHSA-m2vv-5vj5-2hm7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m2vv-5vj5-2hm7" }, { "reference_url": "https://usn.ubuntu.com/5777-1/", "reference_id": "USN-5777-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5777-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5777-2/", "reference_id": "USN-USN-5777-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5777-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27850?format=api", "purl": "pkg:pypi/pillow@9.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0" } ], "aliases": [ "BIT-pillow-2022-45198", "CVE-2022-45198", "GHSA-m2vv-5vj5-2hm7", "PYSEC-2022-42979" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8tu-h2gw-due5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15912?format=api", "vulnerability_id": "VCID-yb52-znrq-sbg6", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46957", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46815", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46953", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46971", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219" }, { "reference_url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271" }, { "reference_url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-8ghj-p4vj-mr35", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8ghj-p4vj-mr35" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/7244", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/7244" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44271", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247820", "reference_id": "2247820", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247820" }, { "reference_url": "https://security.gentoo.org/glsa/202405-12", "reference_id": "GLSA-202405-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0345", "reference_id": "RHSA-2024:0345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1057", "reference_id": "RHSA-2024:1057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3005", "reference_id": "RHSA-2024:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3005" }, { "reference_url": "https://usn.ubuntu.com/6618-1/", "reference_id": "USN-6618-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6618-1/" }, { "reference_url": "https://usn.ubuntu.com/8135-1/", "reference_id": "USN-8135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8135-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78311?format=api", "purl": "pkg:pypi/pillow@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0" } ], "aliases": [ "BIT-pillow-2023-44271", "CVE-2023-44271", "GHSA-8ghj-p4vj-mr35", "PYSEC-2023-227" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yb52-znrq-sbg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12591?format=api", "vulnerability_id": "VCID-ymvw-jvaw-wfav", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38638", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38627", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38443", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38616", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45199" }, { "reference_url": "https://bugs.gentoo.org/878769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.gentoo.org/878769" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42980.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42980.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/6700", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/6700" }, { "reference_url": "https://github.com/python-pillow/Pillow/releases/tag/9.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/releases/tag/9.3.0" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024512", "reference_id": "1024512", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024512" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45199", "reference_id": "CVE-2022-45199", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45199" }, { "reference_url": "https://github.com/advisories/GHSA-q4mp-jvh2-76fj", "reference_id": "GHSA-q4mp-jvh2-76fj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4mp-jvh2-76fj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27851?format=api", "purl": "pkg:pypi/pillow@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-yb52-znrq-sbg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.3.0" } ], "aliases": [ "BIT-pillow-2022-45199", "CVE-2022-45199", "GHSA-q4mp-jvh2-76fj", "PYSEC-2022-42980" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymvw-jvaw-wfav" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9302?format=api", "vulnerability_id": "VCID-1kye-11pz-yke5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29217", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29014", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29224", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29236", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-hjfx-8p6c-g7gx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hjfx-8p6c-g7gx" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5377", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5377" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28678", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28678" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958263", "reference_id": "1958263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958263" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062", "reference_id": "989062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062" }, { "reference_url": "https://security.gentoo.org/glsa/202107-33", "reference_id": "GLSA-202107-33", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4149", "reference_id": "RHSA-2021:4149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4149" }, { "reference_url": "https://usn.ubuntu.com/4963-1/", "reference_id": "USN-4963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4963-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64754?format=api", "purl": "pkg:pypi/pillow@8.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-8dt4-cmd4-pubh" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0" } ], "aliases": [ "BIT-pillow-2021-28678", "CVE-2021-28678", "GHSA-hjfx-8p6c-g7gx", "PYSEC-2021-94" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kye-11pz-yke5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9299?format=api", "vulnerability_id": "VCID-3qnz-hn1v-tffk", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34672", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34495", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34676", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34696", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g6rj-rv7j-xwp4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g6rj-rv7j-xwp4" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28675", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28675" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958240", "reference_id": "1958240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958240" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062", "reference_id": "989062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062" }, { "reference_url": "https://security.gentoo.org/glsa/202107-33", "reference_id": "GLSA-202107-33", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4149", "reference_id": "RHSA-2021:4149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4149" }, { "reference_url": "https://usn.ubuntu.com/4963-1/", "reference_id": "USN-4963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4963-1/" }, { "reference_url": "https://usn.ubuntu.com/8135-1/", "reference_id": "USN-8135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8135-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64754?format=api", "purl": "pkg:pypi/pillow@8.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-8dt4-cmd4-pubh" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0" } ], "aliases": [ "BIT-pillow-2021-28675", "CVE-2021-28675", "GHSA-g6rj-rv7j-xwp4", "PYSEC-2021-139" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qnz-hn1v-tffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9186?format=api", "vulnerability_id": "VCID-4ssq-s4n5-1yfa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50608", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50474", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50612", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50626", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25288" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-rwv7-3v45-hg29", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rwv7-3v45-hg29" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25288", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25288" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958231", "reference_id": "1958231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062", "reference_id": "989062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062" }, { "reference_url": "https://security.gentoo.org/glsa/202107-33", "reference_id": "GLSA-202107-33", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4149", "reference_id": "RHSA-2021:4149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4149" }, { "reference_url": "https://usn.ubuntu.com/4963-1/", "reference_id": "USN-4963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4963-1/" }, { "reference_url": "https://usn.ubuntu.com/8135-1/", "reference_id": "USN-8135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8135-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64754?format=api", "purl": "pkg:pypi/pillow@8.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-8dt4-cmd4-pubh" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0" } ], "aliases": [ "BIT-pillow-2021-25288", "CVE-2021-25288", "GHSA-rwv7-3v45-hg29", "PYSEC-2021-138" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ssq-s4n5-1yfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9301?format=api", "vulnerability_id": "VCID-dyqk-wnp7-eyfp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52538", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52409", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52532", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.5255", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-q5hq-fp76-qmrc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5hq-fp76-qmrc" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5377", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5377" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28677", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28677" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958257", "reference_id": "1958257", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958257" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062", "reference_id": "989062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062" }, { "reference_url": "https://security.gentoo.org/glsa/202107-33", "reference_id": "GLSA-202107-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4149", "reference_id": "RHSA-2021:4149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4149" }, { "reference_url": "https://usn.ubuntu.com/4963-1/", "reference_id": "USN-4963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4963-1/" }, { "reference_url": "https://usn.ubuntu.com/8135-1/", "reference_id": "USN-8135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8135-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64754?format=api", "purl": "pkg:pypi/pillow@8.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-8dt4-cmd4-pubh" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0" } ], "aliases": [ "BIT-pillow-2021-28677", "CVE-2021-28677", "GHSA-q5hq-fp76-qmrc", "PYSEC-2021-93" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dyqk-wnp7-eyfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9300?format=api", "vulnerability_id": "VCID-h55k-x8gz-h3dq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.61144", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.61038", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.61151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.61152", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7r7m-5h27-29hp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7r7m-5h27-29hp" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5377", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5377" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28676" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958252", "reference_id": "1958252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958252" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062", "reference_id": "989062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062" }, { "reference_url": "https://security.gentoo.org/glsa/202107-33", "reference_id": "GLSA-202107-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4149", "reference_id": "RHSA-2021:4149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4149" }, { "reference_url": "https://usn.ubuntu.com/4963-1/", "reference_id": "USN-4963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4963-1/" }, { "reference_url": "https://usn.ubuntu.com/8135-1/", "reference_id": "USN-8135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8135-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64754?format=api", "purl": "pkg:pypi/pillow@8.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-8dt4-cmd4-pubh" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0" } ], "aliases": [ "BIT-pillow-2021-28676", "CVE-2021-28676", "GHSA-7r7m-5h27-29hp", "PYSEC-2021-92" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h55k-x8gz-h3dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9189?format=api", "vulnerability_id": "VCID-pnq5-zmre-ruay", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.6457", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64578", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64469", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00459", "scoring_system": "epss", "scoring_elements": "0.64583", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-mvg9-xffr-p774", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mvg9-xffr-p774" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934692", "reference_id": "1934692", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934692" }, { "reference_url": "https://security.archlinux.org/AVG-1635", "reference_id": "AVG-1635", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1635" }, { "reference_url": "https://security.gentoo.org/glsa/202107-33", "reference_id": "GLSA-202107-33", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3917", "reference_id": "RHSA-2021:3917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3917" }, { "reference_url": "https://usn.ubuntu.com/4763-1/", "reference_id": "USN-4763-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4763-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62786?format=api", "purl": "pkg:pypi/pillow@8.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kye-11pz-yke5" }, { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3qnz-hn1v-tffk" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-4ssq-s4n5-1yfa" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-8dt4-cmd4-pubh" }, { "vulnerability": "VCID-9422-kttr-vqdz" }, { "vulnerability": "VCID-94pt-152z-jucr" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-dpb6-a1n4-hyf5" }, { "vulnerability": "VCID-dyqk-wnp7-eyfp" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-h55k-x8gz-h3dq" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-pnq5-zmre-ruay" }, { "vulnerability": "VCID-rdnw-86tj-wkbv" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64754?format=api", "purl": "pkg:pypi/pillow@8.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-8dt4-cmd4-pubh" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0" } ], "aliases": [ "BIT-pillow-2021-25291", "CVE-2021-25291", "GHSA-mvg9-xffr-p774", "PYSEC-2021-37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnq5-zmre-ruay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9185?format=api", "vulnerability_id": "VCID-rdnw-86tj-wkbv", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57442", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57323", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57447", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57455", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-77gc-v2xv-rvvh", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77gc-v2xv-rvvh" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml" }, { "reference_url": "https://github.com/python-pillow/Pillow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow" }, { "reference_url": "https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25287", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25287" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958226", "reference_id": "1958226", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958226" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062", "reference_id": "989062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062" }, { "reference_url": "https://security.gentoo.org/glsa/202107-33", "reference_id": "GLSA-202107-33", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-33" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4149", "reference_id": "RHSA-2021:4149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4149" }, { "reference_url": "https://usn.ubuntu.com/4963-1/", "reference_id": "USN-4963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4963-1/" }, { "reference_url": "https://usn.ubuntu.com/8135-1/", "reference_id": "USN-8135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8135-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64754?format=api", "purl": "pkg:pypi/pillow@8.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1v7q-fxc9-9yb8" }, { "vulnerability": "VCID-2uxp-k5y1-ffg2" }, { "vulnerability": "VCID-3sds-6wh7-b7ah" }, { "vulnerability": "VCID-8ba1-6ady-t3bu" }, { "vulnerability": "VCID-8dt4-cmd4-pubh" }, { "vulnerability": "VCID-97zh-3c1e-r7bj" }, { "vulnerability": "VCID-dgk5-xebs-8ka4" }, { "vulnerability": "VCID-e4kb-5eye-v3bf" }, { "vulnerability": "VCID-ewzb-us31-dbha" }, { "vulnerability": "VCID-g84r-5413-jfdx" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-kc7d-ufbg-8yd2" }, { "vulnerability": "VCID-tegz-zqnk-63cj" }, { "vulnerability": "VCID-ujay-jc8b-g3bx" }, { "vulnerability": "VCID-w8tu-h2gw-due5" }, { "vulnerability": "VCID-yb52-znrq-sbg6" }, { "vulnerability": "VCID-ymvw-jvaw-wfav" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0" } ], "aliases": [ "BIT-pillow-2021-25287", "CVE-2021-25287", "GHSA-77gc-v2xv-rvvh", "PYSEC-2021-137" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdnw-86tj-wkbv" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0" }