Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pillow@1.7.6
Type pypi
Namespace
Name pillow
Version 1.7.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 12.2.0
Latest_non_vulnerable_version 12.2.0
Affected_by_vulnerabilities
0
url VCID-129s-129z-nygm
vulnerability_id VCID-129s-129z-nygm
summary An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16865.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16865.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16865
reference_id
reference_type
scores
0
value 0.03942
scoring_system epss
scoring_elements 0.8854
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16865
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/advisories/GHSA-j7mj-748x-7p78
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j7mj-748x-7p78
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2019-110.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2019-110.yaml
12
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
13
reference_url https://github.com/python-pillow/Pillow/commit/ab52630d0644e42a75eb88b78b9a9d7438a6fbeb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/ab52630d0644e42a75eb88b78b9a9d7438a6fbeb
14
reference_url https://github.com/python-pillow/Pillow/issues/4123
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/4123
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
19
reference_url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
20
reference_url https://ubuntu.com/security/notices/USN-4272-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/security/notices/USN-4272-1
21
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
22
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
23
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1774066
reference_id 1774066
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1774066
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16865
reference_id CVE-2019-16865
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16865
fixed_packages
0
url pkg:pypi/pillow@6.2.0
purl pkg:pypi/pillow@6.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-83et-rgnm-euc1
8
vulnerability VCID-845b-aeaq-3feb
9
vulnerability VCID-8apd-dsj2-9khf
10
vulnerability VCID-8mdk-5vqg-3ff9
11
vulnerability VCID-942z-u5pd-mye6
12
vulnerability VCID-9c72-qu4z-5kf7
13
vulnerability VCID-9x88-j4j1-kfe8
14
vulnerability VCID-ahkz-51ka-fbd6
15
vulnerability VCID-axd2-f48y-bfc8
16
vulnerability VCID-bje4-2uha-5ub7
17
vulnerability VCID-cetn-48cj-6ba8
18
vulnerability VCID-cmau-9zzd-rybf
19
vulnerability VCID-cwt1-ntk3-m7bw
20
vulnerability VCID-dayw-85a5-qba2
21
vulnerability VCID-ebcb-9v6a-kkeu
22
vulnerability VCID-gprf-a2wh-2kev
23
vulnerability VCID-gzp4-1t5f-ryht
24
vulnerability VCID-hasv-eaqf-9kdn
25
vulnerability VCID-hav3-e9x5-a3ch
26
vulnerability VCID-j538-67dv-jkbw
27
vulnerability VCID-jfuf-62k6-tyem
28
vulnerability VCID-js6q-sank-e3d3
29
vulnerability VCID-jypy-efwx-ybc8
30
vulnerability VCID-mj43-253b-m3dm
31
vulnerability VCID-mvhz-n5yp-73ch
32
vulnerability VCID-mz11-74c9-nyg4
33
vulnerability VCID-qd5b-unsy-97dz
34
vulnerability VCID-r226-tfhq-cuhv
35
vulnerability VCID-u4mn-ezb3-qkh3
36
vulnerability VCID-uhfy-dfrh-ayeh
37
vulnerability VCID-uwvh-bgst-t7ce
38
vulnerability VCID-v7pu-vaj7-zkev
39
vulnerability VCID-vh6h-7ru5-cqdt
40
vulnerability VCID-vx51-x6y6-h7ch
41
vulnerability VCID-wjsn-e7sj-n3gv
42
vulnerability VCID-wpn4-pqtk-tqb6
43
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0
aliases CVE-2019-16865, GHSA-j7mj-748x-7p78, PYSEC-2019-110
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-129s-129z-nygm
1
url VCID-25gs-7e4x-9yga
vulnerability_id VCID-25gs-7e4x-9yga
summary
Arbitrary Code Execution in Pillow
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50447
reference_id
reference_type
scores
0
value 0.00754
scoring_system epss
scoring_elements 0.73529
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50447
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
6
reference_url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
10
reference_url https://github.com/python-pillow/Pillow/releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://github.com/python-pillow/Pillow/releases
11
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
13
reference_url http://www.openwall.com/lists/oss-security/2024/01/20/1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url http://www.openwall.com/lists/oss-security/2024/01/20/1
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
reference_id 1061172
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
15
reference_url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
reference_id 2024-01-02-CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259479
reference_id 2259479
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259479
17
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-50447
reference_id CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2023-50447
18
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
reference_id CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50447
reference_id CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50447
20
reference_url https://github.com/advisories/GHSA-3f63-hfp8-52jq
reference_id GHSA-3f63-hfp8-52jq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f63-hfp8-52jq
21
reference_url https://security.gentoo.org/glsa/202405-12
reference_id GLSA-202405-12
reference_type
scores
url https://security.gentoo.org/glsa/202405-12
22
reference_url https://access.redhat.com/errata/RHSA-2024:0754
reference_id RHSA-2024:0754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0754
23
reference_url https://access.redhat.com/errata/RHSA-2024:0857
reference_id RHSA-2024:0857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0857
24
reference_url https://access.redhat.com/errata/RHSA-2024:0893
reference_id RHSA-2024:0893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0893
25
reference_url https://access.redhat.com/errata/RHSA-2024:1058
reference_id RHSA-2024:1058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1058
26
reference_url https://access.redhat.com/errata/RHSA-2024:1059
reference_id RHSA-2024:1059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1059
27
reference_url https://access.redhat.com/errata/RHSA-2024:1060
reference_id RHSA-2024:1060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1060
28
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
29
reference_url https://usn.ubuntu.com/6618-1/
reference_id USN-6618-1
reference_type
scores
url https://usn.ubuntu.com/6618-1/
30
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@10.2.0
purl pkg:pypi/pillow@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9x88-j4j1-kfe8
1
vulnerability VCID-dayw-85a5-qba2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.2.0
aliases CVE-2023-50447, GHSA-3f63-hfp8-52jq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-25gs-7e4x-9yga
2
url VCID-2jfs-uqp3-bqhc
vulnerability_id VCID-2jfs-uqp3-bqhc
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27923
reference_id
reference_type
scores
0
value 0.00425
scoring_system epss
scoring_elements 0.62508
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27923
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935401
reference_id 1935401
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935401
21
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
22
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-ahkz-51ka-fbd6
7
vulnerability VCID-cetn-48cj-6ba8
8
vulnerability VCID-cmau-9zzd-rybf
9
vulnerability VCID-dayw-85a5-qba2
10
vulnerability VCID-gprf-a2wh-2kev
11
vulnerability VCID-hav3-e9x5-a3ch
12
vulnerability VCID-jfuf-62k6-tyem
13
vulnerability VCID-jypy-efwx-ybc8
14
vulnerability VCID-mj43-253b-m3dm
15
vulnerability VCID-qd5b-unsy-97dz
16
vulnerability VCID-uhfy-dfrh-ayeh
17
vulnerability VCID-uwvh-bgst-t7ce
18
vulnerability VCID-v7pu-vaj7-zkev
19
vulnerability VCID-vh6h-7ru5-cqdt
20
vulnerability VCID-wjsn-e7sj-n3gv
21
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27923, CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jfs-uqp3-bqhc
3
url VCID-38rp-4m7c-4ue2
vulnerability_id VCID-38rp-4m7c-4ue2
summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44271
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46711
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44271
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
8
reference_url https://github.com/python-pillow/Pillow/pull/7244
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/7244
9
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2247820
reference_id 2247820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2247820
12
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
14
reference_url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id GHSA-8ghj-p4vj-mr35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
15
reference_url https://security.gentoo.org/glsa/202405-12
reference_id GLSA-202405-12
reference_type
scores
url https://security.gentoo.org/glsa/202405-12
16
reference_url https://access.redhat.com/errata/RHSA-2024:0345
reference_id RHSA-2024:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0345
17
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
18
reference_url https://access.redhat.com/errata/RHSA-2024:3005
reference_id RHSA-2024:3005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3005
19
reference_url https://usn.ubuntu.com/6618-1/
reference_id USN-6618-1
reference_type
scores
url https://usn.ubuntu.com/6618-1/
20
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@10.0.0
purl pkg:pypi/pillow@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-9x88-j4j1-kfe8
2
vulnerability VCID-dayw-85a5-qba2
3
vulnerability VCID-jfuf-62k6-tyem
4
vulnerability VCID-jypy-efwx-ybc8
5
vulnerability VCID-vh6h-7ru5-cqdt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0
aliases BIT-pillow-2023-44271, CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38rp-4m7c-4ue2
4
url VCID-4vbr-582f-zyen
vulnerability_id VCID-4vbr-582f-zyen
summary The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1932.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1932.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1932
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.26946
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1932
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-22.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-22.yaml
6
reference_url https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1932
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1932
9
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
10
reference_url https://web.archive.org/web/20170103151725/http://www.securityfocus.com/bid/65511
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170103151725/http://www.securityfocus.com/bid/65511
11
reference_url http://www.openwall.com/lists/oss-security/2014/02/11/1
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/11/1
12
reference_url http://www.securityfocus.com/bid/65511
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65511
13
reference_url http://www.ubuntu.com/usn/USN-2168-1
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2168-1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1063658
reference_id 1063658
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1063658
15
reference_url https://github.com/advisories/GHSA-x895-2wrm-hvp7
reference_id GHSA-x895-2wrm-hvp7
reference_type
scores
url https://github.com/advisories/GHSA-x895-2wrm-hvp7
16
reference_url https://usn.ubuntu.com/2168-1/
reference_id USN-2168-1
reference_type
scores
url https://usn.ubuntu.com/2168-1/
fixed_packages
0
url pkg:pypi/pillow@2.3.1
purl pkg:pypi/pillow@2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5pa7-anfu-dff2
5
vulnerability VCID-5q9f-rt3h-u3fx
6
vulnerability VCID-73b3-qaq6-jbhp
7
vulnerability VCID-7sua-cya7-gka4
8
vulnerability VCID-83et-rgnm-euc1
9
vulnerability VCID-845b-aeaq-3feb
10
vulnerability VCID-8apd-dsj2-9khf
11
vulnerability VCID-8mdk-5vqg-3ff9
12
vulnerability VCID-942z-u5pd-mye6
13
vulnerability VCID-9c72-qu4z-5kf7
14
vulnerability VCID-9x88-j4j1-kfe8
15
vulnerability VCID-ahkz-51ka-fbd6
16
vulnerability VCID-axd2-f48y-bfc8
17
vulnerability VCID-bje4-2uha-5ub7
18
vulnerability VCID-cetn-48cj-6ba8
19
vulnerability VCID-cmau-9zzd-rybf
20
vulnerability VCID-cwt1-ntk3-m7bw
21
vulnerability VCID-dayw-85a5-qba2
22
vulnerability VCID-ebcb-9v6a-kkeu
23
vulnerability VCID-fns1-8rfu-suar
24
vulnerability VCID-g4xk-8bvx-zyhz
25
vulnerability VCID-gprf-a2wh-2kev
26
vulnerability VCID-gzp4-1t5f-ryht
27
vulnerability VCID-hasv-eaqf-9kdn
28
vulnerability VCID-hav3-e9x5-a3ch
29
vulnerability VCID-j538-67dv-jkbw
30
vulnerability VCID-jfuf-62k6-tyem
31
vulnerability VCID-js6q-sank-e3d3
32
vulnerability VCID-jsqz-ry1z-a7ck
33
vulnerability VCID-jypy-efwx-ybc8
34
vulnerability VCID-mj43-253b-m3dm
35
vulnerability VCID-mvhz-n5yp-73ch
36
vulnerability VCID-mz11-74c9-nyg4
37
vulnerability VCID-pfk8-a2qg-jbhb
38
vulnerability VCID-qd5b-unsy-97dz
39
vulnerability VCID-r226-tfhq-cuhv
40
vulnerability VCID-rw7n-6hbe-43ef
41
vulnerability VCID-t6m2-dbrf-v3gy
42
vulnerability VCID-u4mn-ezb3-qkh3
43
vulnerability VCID-uhfy-dfrh-ayeh
44
vulnerability VCID-uwvh-bgst-t7ce
45
vulnerability VCID-uxdf-6rrb-sbe3
46
vulnerability VCID-v7pu-vaj7-zkev
47
vulnerability VCID-vh6h-7ru5-cqdt
48
vulnerability VCID-vmfr-8ypx-4uaw
49
vulnerability VCID-vs1g-f7nv-cqar
50
vulnerability VCID-vvca-akc1-uubk
51
vulnerability VCID-vx51-x6y6-h7ch
52
vulnerability VCID-wjsn-e7sj-n3gv
53
vulnerability VCID-wpn4-pqtk-tqb6
54
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.1
aliases CVE-2014-1932, GHSA-x895-2wrm-hvp7, PYSEC-2014-22
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vbr-582f-zyen
5
url VCID-5pa7-anfu-dff2
vulnerability_id VCID-5pa7-anfu-dff2
summary Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0740.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0740.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0740
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.34707
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0740
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-hggx-3h72-49ww
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hggx-3h72-49ww
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
10
reference_url https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1298874
reference_id 1298874
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1298874
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813905
reference_id 813905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813905
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0740
reference_id CVE-2016-0740
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0740
16
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-83et-rgnm-euc1
8
vulnerability VCID-845b-aeaq-3feb
9
vulnerability VCID-8apd-dsj2-9khf
10
vulnerability VCID-8mdk-5vqg-3ff9
11
vulnerability VCID-942z-u5pd-mye6
12
vulnerability VCID-9c72-qu4z-5kf7
13
vulnerability VCID-9x88-j4j1-kfe8
14
vulnerability VCID-ahkz-51ka-fbd6
15
vulnerability VCID-axd2-f48y-bfc8
16
vulnerability VCID-bje4-2uha-5ub7
17
vulnerability VCID-cetn-48cj-6ba8
18
vulnerability VCID-cmau-9zzd-rybf
19
vulnerability VCID-cwt1-ntk3-m7bw
20
vulnerability VCID-dayw-85a5-qba2
21
vulnerability VCID-ebcb-9v6a-kkeu
22
vulnerability VCID-gprf-a2wh-2kev
23
vulnerability VCID-gzp4-1t5f-ryht
24
vulnerability VCID-hasv-eaqf-9kdn
25
vulnerability VCID-hav3-e9x5-a3ch
26
vulnerability VCID-j1t4-wd8r-dybq
27
vulnerability VCID-j538-67dv-jkbw
28
vulnerability VCID-jfuf-62k6-tyem
29
vulnerability VCID-js6q-sank-e3d3
30
vulnerability VCID-jypy-efwx-ybc8
31
vulnerability VCID-mj43-253b-m3dm
32
vulnerability VCID-mvhz-n5yp-73ch
33
vulnerability VCID-mz11-74c9-nyg4
34
vulnerability VCID-qd5b-unsy-97dz
35
vulnerability VCID-r226-tfhq-cuhv
36
vulnerability VCID-u4mn-ezb3-qkh3
37
vulnerability VCID-uhfy-dfrh-ayeh
38
vulnerability VCID-uwvh-bgst-t7ce
39
vulnerability VCID-v7pu-vaj7-zkev
40
vulnerability VCID-vh6h-7ru5-cqdt
41
vulnerability VCID-vmfr-8ypx-4uaw
42
vulnerability VCID-vs1g-f7nv-cqar
43
vulnerability VCID-vvca-akc1-uubk
44
vulnerability VCID-vx51-x6y6-h7ch
45
vulnerability VCID-wjsn-e7sj-n3gv
46
vulnerability VCID-wpn4-pqtk-tqb6
47
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-0740, GHSA-hggx-3h72-49ww, PYSEC-2016-5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pa7-anfu-dff2
6
url VCID-5q9f-rt3h-u3fx
vulnerability_id VCID-5q9f-rt3h-u3fx
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27922
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54832
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27922
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935396
reference_id 1935396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935396
21
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
22
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-ahkz-51ka-fbd6
7
vulnerability VCID-cetn-48cj-6ba8
8
vulnerability VCID-cmau-9zzd-rybf
9
vulnerability VCID-dayw-85a5-qba2
10
vulnerability VCID-gprf-a2wh-2kev
11
vulnerability VCID-hav3-e9x5-a3ch
12
vulnerability VCID-jfuf-62k6-tyem
13
vulnerability VCID-jypy-efwx-ybc8
14
vulnerability VCID-mj43-253b-m3dm
15
vulnerability VCID-qd5b-unsy-97dz
16
vulnerability VCID-uhfy-dfrh-ayeh
17
vulnerability VCID-uwvh-bgst-t7ce
18
vulnerability VCID-v7pu-vaj7-zkev
19
vulnerability VCID-vh6h-7ru5-cqdt
20
vulnerability VCID-wjsn-e7sj-n3gv
21
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27922, CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q9f-rt3h-u3fx
7
url VCID-73b3-qaq6-jbhp
vulnerability_id VCID-73b3-qaq6-jbhp
summary Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24303
reference_id
reference_type
scores
0
value 0.02197
scoring_system epss
scoring_elements 0.84688
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24303
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-9j59-75qj-795w
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9j59-75qj-795w
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
5
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
6
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
7
reference_url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
8
reference_url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
9
reference_url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
10
reference_url https://github.com/python-pillow/Pillow/pull/3450
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/3450
11
reference_url https://github.com/python-pillow/Pillow/pull/6010
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6010
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
15
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2052682
reference_id 2052682
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2052682
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
reference_id CVE-2022-24303
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
18
reference_url https://usn.ubuntu.com/5777-1/
reference_id USN-5777-1
reference_type
scores
url https://usn.ubuntu.com/5777-1/
19
reference_url https://usn.ubuntu.com/USN-5777-2/
reference_id USN-USN-5777-2
reference_type
scores
url https://usn.ubuntu.com/USN-5777-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-9x88-j4j1-kfe8
3
vulnerability VCID-cetn-48cj-6ba8
4
vulnerability VCID-dayw-85a5-qba2
5
vulnerability VCID-jfuf-62k6-tyem
6
vulnerability VCID-jypy-efwx-ybc8
7
vulnerability VCID-vh6h-7ru5-cqdt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-24303, CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73b3-qaq6-jbhp
8
url VCID-7sua-cya7-gka4
vulnerability_id VCID-7sua-cya7-gka4
summary path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22816
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33377
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22816
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
10
reference_url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
11
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5920
12
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042522
reference_id 2042522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042522
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
reference_id CVE-2022-22816
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-9x88-j4j1-kfe8
4
vulnerability VCID-cetn-48cj-6ba8
5
vulnerability VCID-dayw-85a5-qba2
6
vulnerability VCID-gprf-a2wh-2kev
7
vulnerability VCID-jfuf-62k6-tyem
8
vulnerability VCID-jypy-efwx-ybc8
9
vulnerability VCID-vh6h-7ru5-cqdt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases BIT-pillow-2022-22816, CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7sua-cya7-gka4
9
url VCID-83et-rgnm-euc1
vulnerability_id VCID-83et-rgnm-euc1
summary libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5313.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5313.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5313
reference_id
reference_type
scores
0
value 0.00551
scoring_system epss
scoring_elements 0.68296
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5313
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-hj69-c76v-86wr
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hj69-c76v-86wr
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-84.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-84.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02
10
reference_url https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
16
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
17
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
18
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789532
reference_id 1789532
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789532
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5313
reference_id CVE-2020-5313
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5313
22
reference_url https://access.redhat.com/errata/RHSA-2020:3185
reference_id RHSA-2020:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3185
23
reference_url https://access.redhat.com/errata/RHSA-2020:3887
reference_id RHSA-2020:3887
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3887
24
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases BIT-pillow-2020-5313, CVE-2020-5313, GHSA-hj69-c76v-86wr, PYSEC-2020-84
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83et-rgnm-euc1
10
url VCID-845b-aeaq-3feb
vulnerability_id VCID-845b-aeaq-3feb
summary In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10378.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10378.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10378
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.55223
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10378
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378
3
reference_url https://github.com/advisories/GHSA-3xv8-3j54-hgrp
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3xv8-3j54-hgrp
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-77.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-77.yaml
5
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
8
reference_url https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
9
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
10
reference_url https://github.com/python-pillow/Pillow/issues/4750
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/4750
11
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
16
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
17
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
18
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-1
19
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
20
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
21
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852832
reference_id 1852832
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852832
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10378
reference_id CVE-2020-10378
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10378
24
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-10378, CVE-2020-10378, GHSA-3xv8-3j54-hgrp, PYSEC-2020-77
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-845b-aeaq-3feb
11
url VCID-8apd-dsj2-9khf
vulnerability_id VCID-8apd-dsj2-9khf
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35654.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35654.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35654
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41915
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35654
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-70.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-70.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35654
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35654
17
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1915424
reference_id 1915424
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1915424
19
reference_url https://security.archlinux.org/ASA-202101-11
reference_id ASA-202101-11
reference_type
scores
url https://security.archlinux.org/ASA-202101-11
20
reference_url https://security.archlinux.org/AVG-1438
reference_id AVG-1438
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1438
21
reference_url https://security.gentoo.org/glsa/202101-08
reference_id GLSA-202101-08
reference_type
scores
url https://security.gentoo.org/glsa/202101-08
22
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
23
reference_url https://usn.ubuntu.com/4697-1/
reference_id USN-4697-1
reference_type
scores
url https://usn.ubuntu.com/4697-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases BIT-pillow-2020-35654, CVE-2020-35654, GHSA-vqcj-wrf2-7v73, PYSEC-2021-70
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8apd-dsj2-9khf
12
url VCID-8mdk-5vqg-3ff9
vulnerability_id VCID-8mdk-5vqg-3ff9
summary In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11538.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11538.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11538
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50331
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11538
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-43fq-w8qq-v88h
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-43fq-w8qq-v88h
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-80.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-80.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
8
reference_url https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d
9
reference_url https://github.com/python-pillow/Pillow/pull/4504
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4504
10
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
16
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
17
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574
18
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-1
19
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
20
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
21
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852814
reference_id 1852814
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852814
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11538
reference_id CVE-2020-11538
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11538
24
reference_url https://access.redhat.com/errata/RHSA-2020:3185
reference_id RHSA-2020:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3185
25
reference_url https://access.redhat.com/errata/RHSA-2020:3299
reference_id RHSA-2020:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3299
26
reference_url https://access.redhat.com/errata/RHSA-2020:3302
reference_id RHSA-2020:3302
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3302
27
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-8apd-dsj2-9khf
8
vulnerability VCID-942z-u5pd-mye6
9
vulnerability VCID-9c72-qu4z-5kf7
10
vulnerability VCID-9x88-j4j1-kfe8
11
vulnerability VCID-ahkz-51ka-fbd6
12
vulnerability VCID-axd2-f48y-bfc8
13
vulnerability VCID-bje4-2uha-5ub7
14
vulnerability VCID-cetn-48cj-6ba8
15
vulnerability VCID-cmau-9zzd-rybf
16
vulnerability VCID-cwt1-ntk3-m7bw
17
vulnerability VCID-dayw-85a5-qba2
18
vulnerability VCID-ebcb-9v6a-kkeu
19
vulnerability VCID-gprf-a2wh-2kev
20
vulnerability VCID-hav3-e9x5-a3ch
21
vulnerability VCID-jfuf-62k6-tyem
22
vulnerability VCID-jypy-efwx-ybc8
23
vulnerability VCID-mj43-253b-m3dm
24
vulnerability VCID-mvhz-n5yp-73ch
25
vulnerability VCID-qd5b-unsy-97dz
26
vulnerability VCID-u4mn-ezb3-qkh3
27
vulnerability VCID-uhfy-dfrh-ayeh
28
vulnerability VCID-uwvh-bgst-t7ce
29
vulnerability VCID-v7pu-vaj7-zkev
30
vulnerability VCID-vh6h-7ru5-cqdt
31
vulnerability VCID-wjsn-e7sj-n3gv
32
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-11538, CVE-2020-11538, GHSA-43fq-w8qq-v88h, PYSEC-2020-80
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mdk-5vqg-3ff9
13
url VCID-942z-u5pd-mye6
vulnerability_id VCID-942z-u5pd-mye6
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25292.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25292
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.39949
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25292
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-38.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-38.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
8
reference_url https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
9
reference_url https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25292
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25292
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934699
reference_id 1934699
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934699
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
15
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25292, CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-942z-u5pd-mye6
14
url VCID-9c72-qu4z-5kf7
vulnerability_id VCID-9c72-qu4z-5kf7
summary arbitrary code execution
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34552
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.5674
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34552
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-7534-mm45-c74v
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7534-mm45-c74v
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
8
reference_url https://github.com/python-pillow/Pillow/pull/5567
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5567
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
16
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1982378
reference_id 1982378
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1982378
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991293
reference_id 991293
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991293
19
reference_url https://security.archlinux.org/ASA-202107-26
reference_id ASA-202107-26
reference_type
scores
url https://security.archlinux.org/ASA-202107-26
20
reference_url https://security.archlinux.org/AVG-2150
reference_id AVG-2150
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2150
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
reference_id CVE-2021-34552
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
22
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
23
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
24
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
25
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@8.3.0
purl pkg:pypi/pillow@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9x88-j4j1-kfe8
5
vulnerability VCID-cetn-48cj-6ba8
6
vulnerability VCID-dayw-85a5-qba2
7
vulnerability VCID-gprf-a2wh-2kev
8
vulnerability VCID-jfuf-62k6-tyem
9
vulnerability VCID-jypy-efwx-ybc8
10
vulnerability VCID-mj43-253b-m3dm
11
vulnerability VCID-qd5b-unsy-97dz
12
vulnerability VCID-vh6h-7ru5-cqdt
13
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.0
aliases BIT-pillow-2021-34552, CVE-2021-34552, GHSA-7534-mm45-c74v, PYSEC-2021-331
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9c72-qu4z-5kf7
15
url VCID-9x88-j4j1-kfe8
vulnerability_id VCID-9x88-j4j1-kfe8
summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, an integer overflow may occur when Pillow keeps track of the current position. This issue has been patched in version 12.2.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42308
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03149
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42308
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/
url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
5
reference_url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/
url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42308
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42308
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2468457
reference_id 2468457
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2468457
8
reference_url https://github.com/advisories/GHSA-wjx4-4jcj-g98j
reference_id GHSA-wjx4-4jcj-g98j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjx4-4jcj-g98j
fixed_packages
0
url pkg:pypi/pillow@12.2.0
purl pkg:pypi/pillow@12.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0
aliases BIT-pillow-2026-42308, CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9x88-j4j1-kfe8
16
url VCID-ahkz-51ka-fbd6
vulnerability_id VCID-ahkz-51ka-fbd6
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25288
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50342
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25288
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-rwv7-3v45-hg29
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rwv7-3v45-hg29
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
8
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25288
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25288
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958231
reference_id 1958231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958231
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
15
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
18
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-cetn-48cj-6ba8
7
vulnerability VCID-dayw-85a5-qba2
8
vulnerability VCID-gprf-a2wh-2kev
9
vulnerability VCID-jfuf-62k6-tyem
10
vulnerability VCID-jypy-efwx-ybc8
11
vulnerability VCID-mj43-253b-m3dm
12
vulnerability VCID-qd5b-unsy-97dz
13
vulnerability VCID-vh6h-7ru5-cqdt
14
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25288, CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahkz-51ka-fbd6
17
url VCID-axd2-f48y-bfc8
vulnerability_id VCID-axd2-f48y-bfc8
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25290.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25290.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25290
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.4962
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25290
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-36.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-36.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
8
reference_url https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25290
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25290
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934685
reference_id 1934685
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934685
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
15
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
18
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25290, CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axd2-f48y-bfc8
18
url VCID-bje4-2uha-5ub7
vulnerability_id VCID-bje4-2uha-5ub7
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27921
reference_id
reference_type
scores
0
value 0.00425
scoring_system epss
scoring_elements 0.62508
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27921
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935384
reference_id 1935384
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935384
21
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
22
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-ahkz-51ka-fbd6
7
vulnerability VCID-cetn-48cj-6ba8
8
vulnerability VCID-cmau-9zzd-rybf
9
vulnerability VCID-dayw-85a5-qba2
10
vulnerability VCID-gprf-a2wh-2kev
11
vulnerability VCID-hav3-e9x5-a3ch
12
vulnerability VCID-jfuf-62k6-tyem
13
vulnerability VCID-jypy-efwx-ybc8
14
vulnerability VCID-mj43-253b-m3dm
15
vulnerability VCID-qd5b-unsy-97dz
16
vulnerability VCID-uhfy-dfrh-ayeh
17
vulnerability VCID-uwvh-bgst-t7ce
18
vulnerability VCID-v7pu-vaj7-zkev
19
vulnerability VCID-vh6h-7ru5-cqdt
20
vulnerability VCID-wjsn-e7sj-n3gv
21
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27921, CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bje4-2uha-5ub7
19
url VCID-cetn-48cj-6ba8
vulnerability_id VCID-cetn-48cj-6ba8
summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45198
reference_id
reference_type
scores
0
value 0.00334
scoring_system epss
scoring_elements 0.56462
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45198
1
reference_url https://bugs.gentoo.org/855683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.gentoo.org/855683
2
reference_url https://cwe.mitre.org/data/definitions/409.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwe.mitre.org/data/definitions/409.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml
5
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
6
reference_url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
7
reference_url https://github.com/python-pillow/Pillow/pull/6402
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6402
8
reference_url https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
9
reference_url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
10
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45198
reference_id CVE-2022-45198
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45198
12
reference_url https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
reference_id GHSA-m2vv-5vj5-2hm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
13
reference_url https://usn.ubuntu.com/5777-1/
reference_id USN-5777-1
reference_type
scores
url https://usn.ubuntu.com/5777-1/
14
reference_url https://usn.ubuntu.com/USN-5777-2/
reference_id USN-USN-5777-2
reference_type
scores
url https://usn.ubuntu.com/USN-5777-2/
fixed_packages
0
url pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-7y17-2827-cffm
3
vulnerability VCID-9x88-j4j1-kfe8
4
vulnerability VCID-dayw-85a5-qba2
5
vulnerability VCID-jfuf-62k6-tyem
6
vulnerability VCID-jypy-efwx-ybc8
7
vulnerability VCID-vh6h-7ru5-cqdt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0
aliases BIT-pillow-2022-45198, CVE-2022-45198, GHSA-m2vv-5vj5-2hm7, PYSEC-2022-42979
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cetn-48cj-6ba8
20
url VCID-cmau-9zzd-rybf
vulnerability_id VCID-cmau-9zzd-rybf
summary An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28677
reference_id
reference_type
scores
0
value 0.00286
scoring_system epss
scoring_elements 0.52288
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28677
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
8
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28677
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958257
reference_id 1958257
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958257
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
16
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
17
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
18
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
19
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-cetn-48cj-6ba8
7
vulnerability VCID-dayw-85a5-qba2
8
vulnerability VCID-gprf-a2wh-2kev
9
vulnerability VCID-jfuf-62k6-tyem
10
vulnerability VCID-jypy-efwx-ybc8
11
vulnerability VCID-mj43-253b-m3dm
12
vulnerability VCID-qd5b-unsy-97dz
13
vulnerability VCID-vh6h-7ru5-cqdt
14
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28677, CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmau-9zzd-rybf
21
url VCID-cwt1-ntk3-m7bw
vulnerability_id VCID-cwt1-ntk3-m7bw
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25289.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25289.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25289
reference_id
reference_type
scores
0
value 0.00762
scoring_system epss
scoring_elements 0.73673
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25289
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-57h3-9rgr-c24m
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-57h3-9rgr-c24m
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-35.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-35.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
8
reference_url https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25289
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25289
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934680
reference_id 1934680
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934680
12
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
13
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25289, CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwt1-ntk3-m7bw
22
url VCID-dayw-85a5-qba2
vulnerability_id VCID-dayw-85a5-qba2
summary
Pillow buffer overflow vulnerability
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28219
reference_id
reference_type
scores
0
value 0.00354
scoring_system epss
scoring_elements 0.58013
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28219
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
4
reference_url https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
5
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2272563
reference_id 2272563
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2272563
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
reference_id 4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28219
reference_id CVE-2024-28219
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28219
11
reference_url https://github.com/advisories/GHSA-44wm-f244-xhp3
reference_id GHSA-44wm-f244-xhp3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44wm-f244-xhp3
12
reference_url https://security.gentoo.org/glsa/202411-07
reference_id GLSA-202411-07
reference_type
scores
url https://security.gentoo.org/glsa/202411-07
13
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
14
reference_url https://access.redhat.com/errata/RHSA-2024:4227
reference_id RHSA-2024:4227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4227
15
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
16
reference_url https://usn.ubuntu.com/6744-1/
reference_id USN-6744-1
reference_type
scores
url https://usn.ubuntu.com/6744-1/
17
reference_url https://usn.ubuntu.com/6744-2/
reference_id USN-6744-2
reference_type
scores
url https://usn.ubuntu.com/6744-2/
18
reference_url https://usn.ubuntu.com/6744-3/
reference_id USN-6744-3
reference_type
scores
url https://usn.ubuntu.com/6744-3/
fixed_packages
0
url pkg:pypi/pillow@10.3.0
purl pkg:pypi/pillow@10.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9x88-j4j1-kfe8
1
vulnerability VCID-bnps-2xy8-x3gt
2
vulnerability VCID-txe7-yuu7-3qhj
3
vulnerability VCID-v5xc-5ttc-bqff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.3.0
aliases CVE-2024-28219, GHSA-44wm-f244-xhp3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dayw-85a5-qba2
23
url VCID-ebcb-9v6a-kkeu
vulnerability_id VCID-ebcb-9v6a-kkeu
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35653.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35653.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35653
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52875
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35653
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-f5g8-5qq7-938w
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-f5g8-5qq7-938w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-69.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-69.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
8
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35653
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35653
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1915420
reference_id 1915420
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1915420
16
reference_url https://security.archlinux.org/ASA-202101-11
reference_id ASA-202101-11
reference_type
scores
url https://security.archlinux.org/ASA-202101-11
17
reference_url https://security.archlinux.org/AVG-1438
reference_id AVG-1438
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1438
18
reference_url https://security.gentoo.org/glsa/202101-08
reference_id GLSA-202101-08
reference_type
scores
url https://security.gentoo.org/glsa/202101-08
19
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
20
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
21
reference_url https://usn.ubuntu.com/4697-1/
reference_id USN-4697-1
reference_type
scores
url https://usn.ubuntu.com/4697-1/
22
reference_url https://usn.ubuntu.com/4697-2/
reference_id USN-4697-2
reference_type
scores
url https://usn.ubuntu.com/4697-2/
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-942z-u5pd-mye6
7
vulnerability VCID-9c72-qu4z-5kf7
8
vulnerability VCID-9x88-j4j1-kfe8
9
vulnerability VCID-ahkz-51ka-fbd6
10
vulnerability VCID-axd2-f48y-bfc8
11
vulnerability VCID-bje4-2uha-5ub7
12
vulnerability VCID-cetn-48cj-6ba8
13
vulnerability VCID-cmau-9zzd-rybf
14
vulnerability VCID-cwt1-ntk3-m7bw
15
vulnerability VCID-dayw-85a5-qba2
16
vulnerability VCID-gprf-a2wh-2kev
17
vulnerability VCID-hav3-e9x5-a3ch
18
vulnerability VCID-jfuf-62k6-tyem
19
vulnerability VCID-jypy-efwx-ybc8
20
vulnerability VCID-mj43-253b-m3dm
21
vulnerability VCID-mvhz-n5yp-73ch
22
vulnerability VCID-qd5b-unsy-97dz
23
vulnerability VCID-u4mn-ezb3-qkh3
24
vulnerability VCID-uhfy-dfrh-ayeh
25
vulnerability VCID-uwvh-bgst-t7ce
26
vulnerability VCID-v7pu-vaj7-zkev
27
vulnerability VCID-vh6h-7ru5-cqdt
28
vulnerability VCID-wjsn-e7sj-n3gv
29
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases BIT-pillow-2020-35653, CVE-2020-35653, GHSA-f5g8-5qq7-938w, PYSEC-2021-69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebcb-9v6a-kkeu
24
url VCID-fns1-8rfu-suar
vulnerability_id VCID-fns1-8rfu-suar
summary The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3598.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3598.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3598
reference_id
reference_type
scores
0
value 0.00403
scoring_system epss
scoring_elements 0.6112
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3598
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3598
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3598
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-15.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-15.yaml
5
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
6
reference_url https://github.com/python-pillow/Pillow/commit/347a1d8d956f9e64af4463ee25311b60cdd5657d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/347a1d8d956f9e64af4463ee25311b60cdd5657d
7
reference_url https://pypi.python.org/pypi/Pillow/2.5.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/Pillow/2.5.3
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1163441
reference_id 1163441
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1163441
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3598
reference_id CVE-2014-3598
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3598
10
reference_url https://github.com/advisories/GHSA-j6f7-g425-4gmx
reference_id GHSA-j6f7-g425-4gmx
reference_type
scores
url https://github.com/advisories/GHSA-j6f7-g425-4gmx
fixed_packages
0
url pkg:pypi/pillow@2.5.3
purl pkg:pypi/pillow@2.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5pa7-anfu-dff2
5
vulnerability VCID-5q9f-rt3h-u3fx
6
vulnerability VCID-73b3-qaq6-jbhp
7
vulnerability VCID-7sua-cya7-gka4
8
vulnerability VCID-83et-rgnm-euc1
9
vulnerability VCID-845b-aeaq-3feb
10
vulnerability VCID-8apd-dsj2-9khf
11
vulnerability VCID-8mdk-5vqg-3ff9
12
vulnerability VCID-942z-u5pd-mye6
13
vulnerability VCID-9c72-qu4z-5kf7
14
vulnerability VCID-9x88-j4j1-kfe8
15
vulnerability VCID-ahkz-51ka-fbd6
16
vulnerability VCID-axd2-f48y-bfc8
17
vulnerability VCID-bje4-2uha-5ub7
18
vulnerability VCID-cetn-48cj-6ba8
19
vulnerability VCID-cmau-9zzd-rybf
20
vulnerability VCID-cwt1-ntk3-m7bw
21
vulnerability VCID-dayw-85a5-qba2
22
vulnerability VCID-ebcb-9v6a-kkeu
23
vulnerability VCID-gprf-a2wh-2kev
24
vulnerability VCID-gzp4-1t5f-ryht
25
vulnerability VCID-hasv-eaqf-9kdn
26
vulnerability VCID-hav3-e9x5-a3ch
27
vulnerability VCID-j1t4-wd8r-dybq
28
vulnerability VCID-j538-67dv-jkbw
29
vulnerability VCID-jfuf-62k6-tyem
30
vulnerability VCID-js6q-sank-e3d3
31
vulnerability VCID-jypy-efwx-ybc8
32
vulnerability VCID-mj43-253b-m3dm
33
vulnerability VCID-mvhz-n5yp-73ch
34
vulnerability VCID-mz11-74c9-nyg4
35
vulnerability VCID-pfk8-a2qg-jbhb
36
vulnerability VCID-qd5b-unsy-97dz
37
vulnerability VCID-r226-tfhq-cuhv
38
vulnerability VCID-rw7n-6hbe-43ef
39
vulnerability VCID-t6m2-dbrf-v3gy
40
vulnerability VCID-u4mn-ezb3-qkh3
41
vulnerability VCID-uhfy-dfrh-ayeh
42
vulnerability VCID-uwvh-bgst-t7ce
43
vulnerability VCID-uxdf-6rrb-sbe3
44
vulnerability VCID-v7pu-vaj7-zkev
45
vulnerability VCID-vh6h-7ru5-cqdt
46
vulnerability VCID-vmfr-8ypx-4uaw
47
vulnerability VCID-vs1g-f7nv-cqar
48
vulnerability VCID-vvca-akc1-uubk
49
vulnerability VCID-vx51-x6y6-h7ch
50
vulnerability VCID-wjsn-e7sj-n3gv
51
vulnerability VCID-wpn4-pqtk-tqb6
52
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.3
aliases CVE-2014-3598, GHSA-j6f7-g425-4gmx, PYSEC-2015-15
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fns1-8rfu-suar
25
url VCID-g4xk-8bvx-zyhz
vulnerability_id VCID-g4xk-8bvx-zyhz
summary Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
references
0
reference_url http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3007.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3007.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3007
reference_id
reference_type
scores
0
value 0.03641
scoring_system epss
scoring_elements 0.88046
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3007
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3007
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3007
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3007
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1094101
reference_id 1094101
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1094101
9
reference_url https://github.com/advisories/GHSA-8m9x-pxwq-j236
reference_id GHSA-8m9x-pxwq-j236
reference_type
scores
url https://github.com/advisories/GHSA-8m9x-pxwq-j236
fixed_packages
0
url pkg:pypi/pillow@2.5.0
purl pkg:pypi/pillow@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5pa7-anfu-dff2
5
vulnerability VCID-5q9f-rt3h-u3fx
6
vulnerability VCID-73b3-qaq6-jbhp
7
vulnerability VCID-7sua-cya7-gka4
8
vulnerability VCID-83et-rgnm-euc1
9
vulnerability VCID-845b-aeaq-3feb
10
vulnerability VCID-8apd-dsj2-9khf
11
vulnerability VCID-8mdk-5vqg-3ff9
12
vulnerability VCID-942z-u5pd-mye6
13
vulnerability VCID-9c72-qu4z-5kf7
14
vulnerability VCID-9x88-j4j1-kfe8
15
vulnerability VCID-ahkz-51ka-fbd6
16
vulnerability VCID-axd2-f48y-bfc8
17
vulnerability VCID-bje4-2uha-5ub7
18
vulnerability VCID-cetn-48cj-6ba8
19
vulnerability VCID-cmau-9zzd-rybf
20
vulnerability VCID-cwt1-ntk3-m7bw
21
vulnerability VCID-dayw-85a5-qba2
22
vulnerability VCID-ebcb-9v6a-kkeu
23
vulnerability VCID-fns1-8rfu-suar
24
vulnerability VCID-gprf-a2wh-2kev
25
vulnerability VCID-gzp4-1t5f-ryht
26
vulnerability VCID-hasv-eaqf-9kdn
27
vulnerability VCID-hav3-e9x5-a3ch
28
vulnerability VCID-j1t4-wd8r-dybq
29
vulnerability VCID-j538-67dv-jkbw
30
vulnerability VCID-jfuf-62k6-tyem
31
vulnerability VCID-js6q-sank-e3d3
32
vulnerability VCID-jsqz-ry1z-a7ck
33
vulnerability VCID-jypy-efwx-ybc8
34
vulnerability VCID-mj43-253b-m3dm
35
vulnerability VCID-mvhz-n5yp-73ch
36
vulnerability VCID-mz11-74c9-nyg4
37
vulnerability VCID-pfk8-a2qg-jbhb
38
vulnerability VCID-qd5b-unsy-97dz
39
vulnerability VCID-r226-tfhq-cuhv
40
vulnerability VCID-rw7n-6hbe-43ef
41
vulnerability VCID-t6m2-dbrf-v3gy
42
vulnerability VCID-u4mn-ezb3-qkh3
43
vulnerability VCID-uhfy-dfrh-ayeh
44
vulnerability VCID-uwvh-bgst-t7ce
45
vulnerability VCID-uxdf-6rrb-sbe3
46
vulnerability VCID-v7pu-vaj7-zkev
47
vulnerability VCID-vh6h-7ru5-cqdt
48
vulnerability VCID-vmfr-8ypx-4uaw
49
vulnerability VCID-vs1g-f7nv-cqar
50
vulnerability VCID-vvca-akc1-uubk
51
vulnerability VCID-vx51-x6y6-h7ch
52
vulnerability VCID-wjsn-e7sj-n3gv
53
vulnerability VCID-wpn4-pqtk-tqb6
54
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.0
aliases CVE-2014-3007, GHSA-8m9x-pxwq-j236, PYSEC-2014-87
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4xk-8bvx-zyhz
26
url VCID-gprf-a2wh-2kev
vulnerability_id VCID-gprf-a2wh-2kev
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
reference_id
reference_type
scores
0
value 0.02781
scoring_system epss
scoring_elements 0.86321
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
10
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
reference_id 2042527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
25
reference_url https://usn.ubuntu.com/5227-3/
reference_id USN-5227-3
reference_type
scores
url https://usn.ubuntu.com/5227-3/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-9x88-j4j1-kfe8
4
vulnerability VCID-cetn-48cj-6ba8
5
vulnerability VCID-dayw-85a5-qba2
6
vulnerability VCID-gprf-a2wh-2kev
7
vulnerability VCID-jfuf-62k6-tyem
8
vulnerability VCID-jypy-efwx-ybc8
9
vulnerability VCID-vh6h-7ru5-cqdt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
1
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-9x88-j4j1-kfe8
3
vulnerability VCID-cetn-48cj-6ba8
4
vulnerability VCID-dayw-85a5-qba2
5
vulnerability VCID-jfuf-62k6-tyem
6
vulnerability VCID-jypy-efwx-ybc8
7
vulnerability VCID-vh6h-7ru5-cqdt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-22817, CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gprf-a2wh-2kev
27
url VCID-gzp4-1t5f-ryht
vulnerability_id VCID-gzp4-1t5f-ryht
summary libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5312.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5312.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5312
reference_id
reference_type
scores
0
value 0.01753
scoring_system epss
scoring_elements 0.8289
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5312
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/advisories/GHSA-p49h-hjvm-jg3h
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p49h-hjvm-jg3h
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml
14
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml
15
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
16
reference_url https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
21
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
22
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
23
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
24
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789533
reference_id 1789533
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789533
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5312
reference_id CVE-2020-5312
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5312
28
reference_url https://access.redhat.com/errata/RHSA-2020:0898
reference_id RHSA-2020:0898
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0898
29
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-845b-aeaq-3feb
8
vulnerability VCID-8apd-dsj2-9khf
9
vulnerability VCID-8mdk-5vqg-3ff9
10
vulnerability VCID-942z-u5pd-mye6
11
vulnerability VCID-9c72-qu4z-5kf7
12
vulnerability VCID-9x88-j4j1-kfe8
13
vulnerability VCID-ahkz-51ka-fbd6
14
vulnerability VCID-axd2-f48y-bfc8
15
vulnerability VCID-bje4-2uha-5ub7
16
vulnerability VCID-cetn-48cj-6ba8
17
vulnerability VCID-cmau-9zzd-rybf
18
vulnerability VCID-cwt1-ntk3-m7bw
19
vulnerability VCID-dayw-85a5-qba2
20
vulnerability VCID-ebcb-9v6a-kkeu
21
vulnerability VCID-gprf-a2wh-2kev
22
vulnerability VCID-hav3-e9x5-a3ch
23
vulnerability VCID-j538-67dv-jkbw
24
vulnerability VCID-jfuf-62k6-tyem
25
vulnerability VCID-jypy-efwx-ybc8
26
vulnerability VCID-mj43-253b-m3dm
27
vulnerability VCID-mvhz-n5yp-73ch
28
vulnerability VCID-mz11-74c9-nyg4
29
vulnerability VCID-qd5b-unsy-97dz
30
vulnerability VCID-u4mn-ezb3-qkh3
31
vulnerability VCID-uhfy-dfrh-ayeh
32
vulnerability VCID-uwvh-bgst-t7ce
33
vulnerability VCID-v7pu-vaj7-zkev
34
vulnerability VCID-vh6h-7ru5-cqdt
35
vulnerability VCID-wjsn-e7sj-n3gv
36
vulnerability VCID-wpn4-pqtk-tqb6
37
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases BIT-pillow-2020-5312, CVE-2020-5312, GHSA-p49h-hjvm-jg3h, PYSEC-2020-83
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzp4-1t5f-ryht
28
url VCID-hasv-eaqf-9kdn
vulnerability_id VCID-hasv-eaqf-9kdn
summary There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19911.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19911.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19911
reference_id
reference_type
scores
0
value 0.0096
scoring_system epss
scoring_elements 0.76784
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19911
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-5gm3-px64-rw72
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5gm3-px64-rw72
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-172.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-172.yaml
8
reference_url https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02
9
reference_url https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
13
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
14
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
15
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789540
reference_id 1789540
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789540
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19911
reference_id CVE-2019-19911
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19911
19
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2019-19911, GHSA-5gm3-px64-rw72, PYSEC-2020-172
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hasv-eaqf-9kdn
29
url VCID-hav3-e9x5-a3ch
vulnerability_id VCID-hav3-e9x5-a3ch
summary An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28676
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.60887
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28676
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-7r7m-5h27-29hp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7r7m-5h27-29hp
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
8
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28676
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28676
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958252
reference_id 1958252
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958252
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
17
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
18
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
19
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
20
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28676, CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hav3-e9x5-a3ch
30
url VCID-j538-67dv-jkbw
vulnerability_id VCID-j538-67dv-jkbw
summary In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10994.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10994.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10994
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62457
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10994
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-vj42-xq3r-hr3r
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vj42-xq3r-hr3r
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-79.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-79.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
8
reference_url https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4
9
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
10
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
11
reference_url https://github.com/python-pillow/Pillow/pull/4505
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4505
12
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
17
reference_url https://pillow.readthedocs.io/en/stable/releasenotes
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
20
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575
21
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-1
22
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
23
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
24
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852820
reference_id 1852820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852820
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10994
reference_id CVE-2020-10994
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10994
27
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@7.0.0
purl pkg:pypi/pillow@7.0.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.0.0
1
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-10994, CVE-2020-10994, GHSA-vj42-xq3r-hr3r, PYSEC-2020-79
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j538-67dv-jkbw
31
url VCID-jfuf-62k6-tyem
vulnerability_id VCID-jfuf-62k6-tyem
summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
references
0
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-9x88-j4j1-kfe8
2
vulnerability VCID-dayw-85a5-qba2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases PYSEC-2023-175
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfuf-62k6-tyem
32
url VCID-js6q-sank-e3d3
vulnerability_id VCID-js6q-sank-e3d3
summary libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5310.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5310.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5310
reference_id
reference_type
scores
0
value 0.00608
scoring_system epss
scoring_elements 0.7003
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5310
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5310
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5310
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-vcqg-3p29-xw73
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vcqg-3p29-xw73
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml
6
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
14
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
15
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789538
reference_id 1789538
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789538
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5310
reference_id CVE-2020-5310
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5310
19
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-845b-aeaq-3feb
8
vulnerability VCID-8apd-dsj2-9khf
9
vulnerability VCID-8mdk-5vqg-3ff9
10
vulnerability VCID-942z-u5pd-mye6
11
vulnerability VCID-9c72-qu4z-5kf7
12
vulnerability VCID-9x88-j4j1-kfe8
13
vulnerability VCID-ahkz-51ka-fbd6
14
vulnerability VCID-axd2-f48y-bfc8
15
vulnerability VCID-bje4-2uha-5ub7
16
vulnerability VCID-cetn-48cj-6ba8
17
vulnerability VCID-cmau-9zzd-rybf
18
vulnerability VCID-cwt1-ntk3-m7bw
19
vulnerability VCID-dayw-85a5-qba2
20
vulnerability VCID-ebcb-9v6a-kkeu
21
vulnerability VCID-gprf-a2wh-2kev
22
vulnerability VCID-hav3-e9x5-a3ch
23
vulnerability VCID-j538-67dv-jkbw
24
vulnerability VCID-jfuf-62k6-tyem
25
vulnerability VCID-jypy-efwx-ybc8
26
vulnerability VCID-mj43-253b-m3dm
27
vulnerability VCID-mvhz-n5yp-73ch
28
vulnerability VCID-mz11-74c9-nyg4
29
vulnerability VCID-qd5b-unsy-97dz
30
vulnerability VCID-u4mn-ezb3-qkh3
31
vulnerability VCID-uhfy-dfrh-ayeh
32
vulnerability VCID-uwvh-bgst-t7ce
33
vulnerability VCID-v7pu-vaj7-zkev
34
vulnerability VCID-vh6h-7ru5-cqdt
35
vulnerability VCID-wjsn-e7sj-n3gv
36
vulnerability VCID-wpn4-pqtk-tqb6
37
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases BIT-pillow-2020-5310, CVE-2020-5310, GHSA-vcqg-3p29-xw73, PYSEC-2020-81
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-js6q-sank-e3d3
33
url VCID-jsqz-ry1z-a7ck
vulnerability_id VCID-jsqz-ry1z-a7ck
summary PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
1
reference_url http://osvdb.org/show/osvdb/110128
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/110128
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3589.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3589.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3589
reference_id
reference_type
scores
0
value 0.01389
scoring_system epss
scoring_elements 0.80658
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3589
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
5
reference_url http://seclists.org/bugtraq/2014/Sep/25
reference_id
reference_type
scores
url http://seclists.org/bugtraq/2014/Sep/25
6
reference_url http://secunia.com/advisories/59825
reference_id
reference_type
scores
url http://secunia.com/advisories/59825
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
10
reference_url https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
11
reference_url https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
12
reference_url https://pypi.python.org/pypi/Pillow/2.3.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/Pillow/2.3.2
13
reference_url https://pypi.python.org/pypi/Pillow/2.5.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/Pillow/2.5.2
14
reference_url http://www.debian.org/security/2014/dsa-3009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-3009
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1130711
reference_id 1130711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1130711
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758772
reference_id 758772
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758772
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3589
reference_id CVE-2014-3589
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3589
18
reference_url https://github.com/advisories/GHSA-cfmr-38g9-f2h7
reference_id GHSA-cfmr-38g9-f2h7
reference_type
scores
url https://github.com/advisories/GHSA-cfmr-38g9-f2h7
19
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
20
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@2.3.2
purl pkg:pypi/pillow@2.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5pa7-anfu-dff2
5
vulnerability VCID-5q9f-rt3h-u3fx
6
vulnerability VCID-73b3-qaq6-jbhp
7
vulnerability VCID-7sua-cya7-gka4
8
vulnerability VCID-83et-rgnm-euc1
9
vulnerability VCID-845b-aeaq-3feb
10
vulnerability VCID-8apd-dsj2-9khf
11
vulnerability VCID-8mdk-5vqg-3ff9
12
vulnerability VCID-942z-u5pd-mye6
13
vulnerability VCID-9c72-qu4z-5kf7
14
vulnerability VCID-9x88-j4j1-kfe8
15
vulnerability VCID-ahkz-51ka-fbd6
16
vulnerability VCID-axd2-f48y-bfc8
17
vulnerability VCID-bje4-2uha-5ub7
18
vulnerability VCID-cetn-48cj-6ba8
19
vulnerability VCID-cmau-9zzd-rybf
20
vulnerability VCID-cwt1-ntk3-m7bw
21
vulnerability VCID-dayw-85a5-qba2
22
vulnerability VCID-ebcb-9v6a-kkeu
23
vulnerability VCID-fns1-8rfu-suar
24
vulnerability VCID-g4xk-8bvx-zyhz
25
vulnerability VCID-gprf-a2wh-2kev
26
vulnerability VCID-gzp4-1t5f-ryht
27
vulnerability VCID-hasv-eaqf-9kdn
28
vulnerability VCID-hav3-e9x5-a3ch
29
vulnerability VCID-j538-67dv-jkbw
30
vulnerability VCID-jfuf-62k6-tyem
31
vulnerability VCID-js6q-sank-e3d3
32
vulnerability VCID-jypy-efwx-ybc8
33
vulnerability VCID-mj43-253b-m3dm
34
vulnerability VCID-mvhz-n5yp-73ch
35
vulnerability VCID-mz11-74c9-nyg4
36
vulnerability VCID-pfk8-a2qg-jbhb
37
vulnerability VCID-qd5b-unsy-97dz
38
vulnerability VCID-r226-tfhq-cuhv
39
vulnerability VCID-rw7n-6hbe-43ef
40
vulnerability VCID-t6m2-dbrf-v3gy
41
vulnerability VCID-u4mn-ezb3-qkh3
42
vulnerability VCID-uhfy-dfrh-ayeh
43
vulnerability VCID-uwvh-bgst-t7ce
44
vulnerability VCID-uxdf-6rrb-sbe3
45
vulnerability VCID-v7pu-vaj7-zkev
46
vulnerability VCID-vh6h-7ru5-cqdt
47
vulnerability VCID-vmfr-8ypx-4uaw
48
vulnerability VCID-vs1g-f7nv-cqar
49
vulnerability VCID-vvca-akc1-uubk
50
vulnerability VCID-vx51-x6y6-h7ch
51
vulnerability VCID-wjsn-e7sj-n3gv
52
vulnerability VCID-wpn4-pqtk-tqb6
53
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.2
1
url pkg:pypi/pillow@2.5.2
purl pkg:pypi/pillow@2.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5pa7-anfu-dff2
5
vulnerability VCID-5q9f-rt3h-u3fx
6
vulnerability VCID-73b3-qaq6-jbhp
7
vulnerability VCID-7sua-cya7-gka4
8
vulnerability VCID-83et-rgnm-euc1
9
vulnerability VCID-845b-aeaq-3feb
10
vulnerability VCID-8apd-dsj2-9khf
11
vulnerability VCID-8mdk-5vqg-3ff9
12
vulnerability VCID-942z-u5pd-mye6
13
vulnerability VCID-9c72-qu4z-5kf7
14
vulnerability VCID-9x88-j4j1-kfe8
15
vulnerability VCID-ahkz-51ka-fbd6
16
vulnerability VCID-axd2-f48y-bfc8
17
vulnerability VCID-bje4-2uha-5ub7
18
vulnerability VCID-cetn-48cj-6ba8
19
vulnerability VCID-cmau-9zzd-rybf
20
vulnerability VCID-cwt1-ntk3-m7bw
21
vulnerability VCID-dayw-85a5-qba2
22
vulnerability VCID-ebcb-9v6a-kkeu
23
vulnerability VCID-fns1-8rfu-suar
24
vulnerability VCID-gprf-a2wh-2kev
25
vulnerability VCID-gzp4-1t5f-ryht
26
vulnerability VCID-hasv-eaqf-9kdn
27
vulnerability VCID-hav3-e9x5-a3ch
28
vulnerability VCID-j1t4-wd8r-dybq
29
vulnerability VCID-j538-67dv-jkbw
30
vulnerability VCID-jfuf-62k6-tyem
31
vulnerability VCID-js6q-sank-e3d3
32
vulnerability VCID-jypy-efwx-ybc8
33
vulnerability VCID-mj43-253b-m3dm
34
vulnerability VCID-mvhz-n5yp-73ch
35
vulnerability VCID-mz11-74c9-nyg4
36
vulnerability VCID-pfk8-a2qg-jbhb
37
vulnerability VCID-qd5b-unsy-97dz
38
vulnerability VCID-r226-tfhq-cuhv
39
vulnerability VCID-rw7n-6hbe-43ef
40
vulnerability VCID-t6m2-dbrf-v3gy
41
vulnerability VCID-u4mn-ezb3-qkh3
42
vulnerability VCID-uhfy-dfrh-ayeh
43
vulnerability VCID-uwvh-bgst-t7ce
44
vulnerability VCID-uxdf-6rrb-sbe3
45
vulnerability VCID-v7pu-vaj7-zkev
46
vulnerability VCID-vh6h-7ru5-cqdt
47
vulnerability VCID-vmfr-8ypx-4uaw
48
vulnerability VCID-vs1g-f7nv-cqar
49
vulnerability VCID-vvca-akc1-uubk
50
vulnerability VCID-vx51-x6y6-h7ch
51
vulnerability VCID-wjsn-e7sj-n3gv
52
vulnerability VCID-wpn4-pqtk-tqb6
53
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.2
aliases CVE-2014-3589, GHSA-cfmr-38g9-f2h7, PYSEC-2014-10
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jsqz-ry1z-a7ck
34
url VCID-jypy-efwx-ybc8
vulnerability_id VCID-jypy-efwx-ybc8
summary Duplicate. This advisory duplicates another.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
1
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
2
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
5
reference_url https://github.com/advisories/GHSA-56pw-mpj4-fxww
reference_id GHSA-56pw-mpj4-fxww
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56pw-mpj4-fxww
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-9x88-j4j1-kfe8
2
vulnerability VCID-dayw-85a5-qba2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases GHSA-56pw-mpj4-fxww, GMS-2023-3137
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jypy-efwx-ybc8
35
url VCID-k2qv-ruzz-t7bg
vulnerability_id VCID-k2qv-ruzz-t7bg
summary The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Imaging Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1933.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1933.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1933
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29197
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1933
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
4
reference_url https://github.com/advisories/GHSA-r854-96gq-rfg3
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r854-96gq-rfg3
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-23.yaml
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-23.yaml
6
reference_url https://github.com/python-imaging/Pillow
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-imaging/Pillow
7
reference_url https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
8
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
9
reference_url http://www.openwall.com/lists/oss-security/2014/02/10/15
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/10/15
10
reference_url http://www.openwall.com/lists/oss-security/2014/02/11/1
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/11/1
11
reference_url http://www.securityfocus.com/bid/65513
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65513
12
reference_url http://www.ubuntu.com/usn/USN-2168-1
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2168-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1063660
reference_id 1063660
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1063660
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1933
reference_id CVE-2014-1933
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1933
15
reference_url https://usn.ubuntu.com/2168-1/
reference_id USN-2168-1
reference_type
scores
url https://usn.ubuntu.com/2168-1/
fixed_packages
0
url pkg:pypi/pillow@2.3.1
purl pkg:pypi/pillow@2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5pa7-anfu-dff2
5
vulnerability VCID-5q9f-rt3h-u3fx
6
vulnerability VCID-73b3-qaq6-jbhp
7
vulnerability VCID-7sua-cya7-gka4
8
vulnerability VCID-83et-rgnm-euc1
9
vulnerability VCID-845b-aeaq-3feb
10
vulnerability VCID-8apd-dsj2-9khf
11
vulnerability VCID-8mdk-5vqg-3ff9
12
vulnerability VCID-942z-u5pd-mye6
13
vulnerability VCID-9c72-qu4z-5kf7
14
vulnerability VCID-9x88-j4j1-kfe8
15
vulnerability VCID-ahkz-51ka-fbd6
16
vulnerability VCID-axd2-f48y-bfc8
17
vulnerability VCID-bje4-2uha-5ub7
18
vulnerability VCID-cetn-48cj-6ba8
19
vulnerability VCID-cmau-9zzd-rybf
20
vulnerability VCID-cwt1-ntk3-m7bw
21
vulnerability VCID-dayw-85a5-qba2
22
vulnerability VCID-ebcb-9v6a-kkeu
23
vulnerability VCID-fns1-8rfu-suar
24
vulnerability VCID-g4xk-8bvx-zyhz
25
vulnerability VCID-gprf-a2wh-2kev
26
vulnerability VCID-gzp4-1t5f-ryht
27
vulnerability VCID-hasv-eaqf-9kdn
28
vulnerability VCID-hav3-e9x5-a3ch
29
vulnerability VCID-j538-67dv-jkbw
30
vulnerability VCID-jfuf-62k6-tyem
31
vulnerability VCID-js6q-sank-e3d3
32
vulnerability VCID-jsqz-ry1z-a7ck
33
vulnerability VCID-jypy-efwx-ybc8
34
vulnerability VCID-mj43-253b-m3dm
35
vulnerability VCID-mvhz-n5yp-73ch
36
vulnerability VCID-mz11-74c9-nyg4
37
vulnerability VCID-pfk8-a2qg-jbhb
38
vulnerability VCID-qd5b-unsy-97dz
39
vulnerability VCID-r226-tfhq-cuhv
40
vulnerability VCID-rw7n-6hbe-43ef
41
vulnerability VCID-t6m2-dbrf-v3gy
42
vulnerability VCID-u4mn-ezb3-qkh3
43
vulnerability VCID-uhfy-dfrh-ayeh
44
vulnerability VCID-uwvh-bgst-t7ce
45
vulnerability VCID-uxdf-6rrb-sbe3
46
vulnerability VCID-v7pu-vaj7-zkev
47
vulnerability VCID-vh6h-7ru5-cqdt
48
vulnerability VCID-vmfr-8ypx-4uaw
49
vulnerability VCID-vs1g-f7nv-cqar
50
vulnerability VCID-vvca-akc1-uubk
51
vulnerability VCID-vx51-x6y6-h7ch
52
vulnerability VCID-wjsn-e7sj-n3gv
53
vulnerability VCID-wpn4-pqtk-tqb6
54
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.3.1
aliases CVE-2014-1933, GHSA-r854-96gq-rfg3, PYSEC-2014-23
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2qv-ruzz-t7bg
36
url VCID-mj43-253b-m3dm
vulnerability_id VCID-mj43-253b-m3dm
summary denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23437
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45441
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23437
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
8
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2001907
reference_id 2001907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2001907
17
reference_url https://security.archlinux.org/AVG-2366
reference_id AVG-2366
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2366
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
reference_id CVE-2021-23437
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
19
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
20
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@8.3.2
purl pkg:pypi/pillow@8.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9x88-j4j1-kfe8
5
vulnerability VCID-cetn-48cj-6ba8
6
vulnerability VCID-dayw-85a5-qba2
7
vulnerability VCID-gprf-a2wh-2kev
8
vulnerability VCID-jfuf-62k6-tyem
9
vulnerability VCID-jypy-efwx-ybc8
10
vulnerability VCID-qd5b-unsy-97dz
11
vulnerability VCID-vh6h-7ru5-cqdt
12
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2
aliases BIT-pillow-2021-23437, CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mj43-253b-m3dm
37
url VCID-mvhz-n5yp-73ch
vulnerability_id VCID-mvhz-n5yp-73ch
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25293.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25293.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25293
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37772
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25293
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-39.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-39.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
8
reference_url https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25293
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25293
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934705
reference_id 1934705
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934705
12
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
13
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
16
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25293, CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvhz-n5yp-73ch
38
url VCID-mz11-74c9-nyg4
vulnerability_id VCID-mz11-74c9-nyg4
summary In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10379.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10379.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10379
reference_id
reference_type
scores
0
value 0.0036
scoring_system epss
scoring_elements 0.58467
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10379
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379
3
reference_url https://github.com/advisories/GHSA-8843-m7mw-mxqm
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8843-m7mw-mxqm
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-78.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-78.yaml
5
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
6
reference_url https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
7
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
8
reference_url https://github.com/python-pillow/Pillow/issues/4750
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/4750
9
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
16
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577
17
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
18
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852836
reference_id 1852836
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852836
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10379
reference_id CVE-2020-10379
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10379
21
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-8apd-dsj2-9khf
8
vulnerability VCID-942z-u5pd-mye6
9
vulnerability VCID-9c72-qu4z-5kf7
10
vulnerability VCID-9x88-j4j1-kfe8
11
vulnerability VCID-ahkz-51ka-fbd6
12
vulnerability VCID-axd2-f48y-bfc8
13
vulnerability VCID-bje4-2uha-5ub7
14
vulnerability VCID-cetn-48cj-6ba8
15
vulnerability VCID-cmau-9zzd-rybf
16
vulnerability VCID-cwt1-ntk3-m7bw
17
vulnerability VCID-dayw-85a5-qba2
18
vulnerability VCID-ebcb-9v6a-kkeu
19
vulnerability VCID-gprf-a2wh-2kev
20
vulnerability VCID-hav3-e9x5-a3ch
21
vulnerability VCID-jfuf-62k6-tyem
22
vulnerability VCID-jypy-efwx-ybc8
23
vulnerability VCID-mj43-253b-m3dm
24
vulnerability VCID-mvhz-n5yp-73ch
25
vulnerability VCID-qd5b-unsy-97dz
26
vulnerability VCID-u4mn-ezb3-qkh3
27
vulnerability VCID-uhfy-dfrh-ayeh
28
vulnerability VCID-uwvh-bgst-t7ce
29
vulnerability VCID-v7pu-vaj7-zkev
30
vulnerability VCID-vh6h-7ru5-cqdt
31
vulnerability VCID-wjsn-e7sj-n3gv
32
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-10379, CVE-2020-10379, GHSA-8843-m7mw-mxqm, PYSEC-2020-78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mz11-74c9-nyg4
39
url VCID-pfk8-a2qg-jbhb
vulnerability_id VCID-pfk8-a2qg-jbhb
summary Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4009.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4009.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4009
reference_id
reference_type
scores
0
value 0.05263
scoring_system epss
scoring_elements 0.90137
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4009
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4009
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hvr8-466p-75rh
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hvr8-466p-75rh
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-7.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-7.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
8
reference_url https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
9
reference_url https://github.com/python-pillow/Pillow/pull/1714
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/1714
10
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
11
reference_url http://www.securityfocus.com/bid/86064
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/86064
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1327134
reference_id 1327134
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1327134
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4009
reference_id CVE-2016-4009
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4009
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-83et-rgnm-euc1
8
vulnerability VCID-845b-aeaq-3feb
9
vulnerability VCID-8apd-dsj2-9khf
10
vulnerability VCID-8mdk-5vqg-3ff9
11
vulnerability VCID-942z-u5pd-mye6
12
vulnerability VCID-9c72-qu4z-5kf7
13
vulnerability VCID-9x88-j4j1-kfe8
14
vulnerability VCID-ahkz-51ka-fbd6
15
vulnerability VCID-axd2-f48y-bfc8
16
vulnerability VCID-bje4-2uha-5ub7
17
vulnerability VCID-cetn-48cj-6ba8
18
vulnerability VCID-cmau-9zzd-rybf
19
vulnerability VCID-cwt1-ntk3-m7bw
20
vulnerability VCID-dayw-85a5-qba2
21
vulnerability VCID-ebcb-9v6a-kkeu
22
vulnerability VCID-gprf-a2wh-2kev
23
vulnerability VCID-gzp4-1t5f-ryht
24
vulnerability VCID-hasv-eaqf-9kdn
25
vulnerability VCID-hav3-e9x5-a3ch
26
vulnerability VCID-j1t4-wd8r-dybq
27
vulnerability VCID-j538-67dv-jkbw
28
vulnerability VCID-jfuf-62k6-tyem
29
vulnerability VCID-js6q-sank-e3d3
30
vulnerability VCID-jypy-efwx-ybc8
31
vulnerability VCID-mj43-253b-m3dm
32
vulnerability VCID-mvhz-n5yp-73ch
33
vulnerability VCID-mz11-74c9-nyg4
34
vulnerability VCID-qd5b-unsy-97dz
35
vulnerability VCID-r226-tfhq-cuhv
36
vulnerability VCID-u4mn-ezb3-qkh3
37
vulnerability VCID-uhfy-dfrh-ayeh
38
vulnerability VCID-uwvh-bgst-t7ce
39
vulnerability VCID-v7pu-vaj7-zkev
40
vulnerability VCID-vh6h-7ru5-cqdt
41
vulnerability VCID-vmfr-8ypx-4uaw
42
vulnerability VCID-vs1g-f7nv-cqar
43
vulnerability VCID-vvca-akc1-uubk
44
vulnerability VCID-vx51-x6y6-h7ch
45
vulnerability VCID-wjsn-e7sj-n3gv
46
vulnerability VCID-wpn4-pqtk-tqb6
47
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-4009, GHSA-hvr8-466p-75rh, PYSEC-2016-7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pfk8-a2qg-jbhb
40
url VCID-qd5b-unsy-97dz
vulnerability_id VCID-qd5b-unsy-97dz
summary
Infinite loop in Pillow
JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.

If the EOF marker is not detected as such, however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file.
references
0
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
1
reference_url https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
2
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
3
reference_url https://github.com/advisories/GHSA-4fx9-vc88-q2xc
reference_id GHSA-4fx9-vc88-q2xc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fx9-vc88-q2xc
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-9x88-j4j1-kfe8
4
vulnerability VCID-cetn-48cj-6ba8
5
vulnerability VCID-dayw-85a5-qba2
6
vulnerability VCID-gprf-a2wh-2kev
7
vulnerability VCID-jfuf-62k6-tyem
8
vulnerability VCID-jypy-efwx-ybc8
9
vulnerability VCID-vh6h-7ru5-cqdt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases GHSA-4fx9-vc88-q2xc, GMS-2022-347
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qd5b-unsy-97dz
41
url VCID-r226-tfhq-cuhv
vulnerability_id VCID-r226-tfhq-cuhv
summary There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
references
0
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
2
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
3
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-845b-aeaq-3feb
8
vulnerability VCID-8apd-dsj2-9khf
9
vulnerability VCID-8mdk-5vqg-3ff9
10
vulnerability VCID-942z-u5pd-mye6
11
vulnerability VCID-9c72-qu4z-5kf7
12
vulnerability VCID-9x88-j4j1-kfe8
13
vulnerability VCID-ahkz-51ka-fbd6
14
vulnerability VCID-axd2-f48y-bfc8
15
vulnerability VCID-bje4-2uha-5ub7
16
vulnerability VCID-cetn-48cj-6ba8
17
vulnerability VCID-cmau-9zzd-rybf
18
vulnerability VCID-cwt1-ntk3-m7bw
19
vulnerability VCID-dayw-85a5-qba2
20
vulnerability VCID-ebcb-9v6a-kkeu
21
vulnerability VCID-gprf-a2wh-2kev
22
vulnerability VCID-hav3-e9x5-a3ch
23
vulnerability VCID-j538-67dv-jkbw
24
vulnerability VCID-jfuf-62k6-tyem
25
vulnerability VCID-jypy-efwx-ybc8
26
vulnerability VCID-mj43-253b-m3dm
27
vulnerability VCID-mvhz-n5yp-73ch
28
vulnerability VCID-mz11-74c9-nyg4
29
vulnerability VCID-qd5b-unsy-97dz
30
vulnerability VCID-u4mn-ezb3-qkh3
31
vulnerability VCID-uhfy-dfrh-ayeh
32
vulnerability VCID-uwvh-bgst-t7ce
33
vulnerability VCID-v7pu-vaj7-zkev
34
vulnerability VCID-vh6h-7ru5-cqdt
35
vulnerability VCID-wjsn-e7sj-n3gv
36
vulnerability VCID-wpn4-pqtk-tqb6
37
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases PYSEC-2020-191
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r226-tfhq-cuhv
42
url VCID-rw7n-6hbe-43ef
vulnerability_id VCID-rw7n-6hbe-43ef
summary Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2533.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2533.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2533
reference_id
reference_type
scores
0
value 0.02207
scoring_system epss
scoring_elements 0.84725
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2533
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-3c5c-7235-994j
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3c5c-7235-994j
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
10
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53
11
reference_url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
12
reference_url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
13
reference_url https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
14
reference_url https://github.com/python-pillow/Pillow/pull/1706
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/1706
15
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
16
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
17
reference_url http://www.openwall.com/lists/oss-security/2016/02/02/5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/02/02/5
18
reference_url http://www.openwall.com/lists/oss-security/2016/02/22/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/02/22/2
19
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1304504
reference_id 1304504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1304504
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2533
reference_id CVE-2016-2533
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2533
22
reference_url http://www.cvedetails.com/cve/CVE-2016-2533/
reference_id CVE-2016-2533
reference_type
scores
url http://www.cvedetails.com/cve/CVE-2016-2533/
23
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
24
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-83et-rgnm-euc1
8
vulnerability VCID-845b-aeaq-3feb
9
vulnerability VCID-8apd-dsj2-9khf
10
vulnerability VCID-8mdk-5vqg-3ff9
11
vulnerability VCID-942z-u5pd-mye6
12
vulnerability VCID-9c72-qu4z-5kf7
13
vulnerability VCID-9x88-j4j1-kfe8
14
vulnerability VCID-ahkz-51ka-fbd6
15
vulnerability VCID-axd2-f48y-bfc8
16
vulnerability VCID-bje4-2uha-5ub7
17
vulnerability VCID-cetn-48cj-6ba8
18
vulnerability VCID-cmau-9zzd-rybf
19
vulnerability VCID-cwt1-ntk3-m7bw
20
vulnerability VCID-dayw-85a5-qba2
21
vulnerability VCID-ebcb-9v6a-kkeu
22
vulnerability VCID-gprf-a2wh-2kev
23
vulnerability VCID-gzp4-1t5f-ryht
24
vulnerability VCID-hasv-eaqf-9kdn
25
vulnerability VCID-hav3-e9x5-a3ch
26
vulnerability VCID-j1t4-wd8r-dybq
27
vulnerability VCID-j538-67dv-jkbw
28
vulnerability VCID-jfuf-62k6-tyem
29
vulnerability VCID-js6q-sank-e3d3
30
vulnerability VCID-jypy-efwx-ybc8
31
vulnerability VCID-mj43-253b-m3dm
32
vulnerability VCID-mvhz-n5yp-73ch
33
vulnerability VCID-mz11-74c9-nyg4
34
vulnerability VCID-qd5b-unsy-97dz
35
vulnerability VCID-r226-tfhq-cuhv
36
vulnerability VCID-u4mn-ezb3-qkh3
37
vulnerability VCID-uhfy-dfrh-ayeh
38
vulnerability VCID-uwvh-bgst-t7ce
39
vulnerability VCID-v7pu-vaj7-zkev
40
vulnerability VCID-vh6h-7ru5-cqdt
41
vulnerability VCID-vmfr-8ypx-4uaw
42
vulnerability VCID-vs1g-f7nv-cqar
43
vulnerability VCID-vvca-akc1-uubk
44
vulnerability VCID-vx51-x6y6-h7ch
45
vulnerability VCID-wjsn-e7sj-n3gv
46
vulnerability VCID-wpn4-pqtk-tqb6
47
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-2533, GHSA-3c5c-7235-994j, PYSEC-2016-19
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rw7n-6hbe-43ef
43
url VCID-t6m2-dbrf-v3gy
vulnerability_id VCID-t6m2-dbrf-v3gy
summary Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
2
reference_url http://pillow.readthedocs.org/releasenotes/2.7.0.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.org/releasenotes/2.7.0.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9601.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9601.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9601
reference_id
reference_type
scores
0
value 0.01034
scoring_system epss
scoring_elements 0.77666
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9601
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-16.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-16.yaml
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://github.com/python-pillow/Pillow/pull/1060
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/1060
9
reference_url https://web.archive.org/web/20200227221255/http://www.securityfocus.com/bid/77758
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227221255/http://www.securityfocus.com/bid/77758
10
reference_url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release
11
reference_url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
12
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
13
reference_url http://www.securityfocus.com/bid/77758
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/77758
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1179354
reference_id 1179354
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1179354
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776303
reference_id 776303
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776303
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9601
reference_id CVE-2014-9601
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9601
17
reference_url https://github.com/advisories/GHSA-h5rf-vgqx-wjv2
reference_id GHSA-h5rf-vgqx-wjv2
reference_type
scores
url https://github.com/advisories/GHSA-h5rf-vgqx-wjv2
18
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
19
reference_url https://usn.ubuntu.com/3090-2/
reference_id USN-3090-2
reference_type
scores
url https://usn.ubuntu.com/3090-2/
20
reference_url https://usn.ubuntu.com/3229-1/
reference_id USN-3229-1
reference_type
scores
url https://usn.ubuntu.com/3229-1/
21
reference_url https://usn.ubuntu.com/3230-1/
reference_id USN-3230-1
reference_type
scores
url https://usn.ubuntu.com/3230-1/
fixed_packages
0
url pkg:pypi/pillow@2.7.0
purl pkg:pypi/pillow@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5pa7-anfu-dff2
5
vulnerability VCID-5q9f-rt3h-u3fx
6
vulnerability VCID-73b3-qaq6-jbhp
7
vulnerability VCID-7sua-cya7-gka4
8
vulnerability VCID-83et-rgnm-euc1
9
vulnerability VCID-845b-aeaq-3feb
10
vulnerability VCID-8apd-dsj2-9khf
11
vulnerability VCID-8mdk-5vqg-3ff9
12
vulnerability VCID-942z-u5pd-mye6
13
vulnerability VCID-9c72-qu4z-5kf7
14
vulnerability VCID-9x88-j4j1-kfe8
15
vulnerability VCID-ahkz-51ka-fbd6
16
vulnerability VCID-axd2-f48y-bfc8
17
vulnerability VCID-bje4-2uha-5ub7
18
vulnerability VCID-cetn-48cj-6ba8
19
vulnerability VCID-cmau-9zzd-rybf
20
vulnerability VCID-cwt1-ntk3-m7bw
21
vulnerability VCID-dayw-85a5-qba2
22
vulnerability VCID-ebcb-9v6a-kkeu
23
vulnerability VCID-gprf-a2wh-2kev
24
vulnerability VCID-gzp4-1t5f-ryht
25
vulnerability VCID-hasv-eaqf-9kdn
26
vulnerability VCID-hav3-e9x5-a3ch
27
vulnerability VCID-j1t4-wd8r-dybq
28
vulnerability VCID-j538-67dv-jkbw
29
vulnerability VCID-jfuf-62k6-tyem
30
vulnerability VCID-js6q-sank-e3d3
31
vulnerability VCID-jypy-efwx-ybc8
32
vulnerability VCID-mj43-253b-m3dm
33
vulnerability VCID-mvhz-n5yp-73ch
34
vulnerability VCID-mz11-74c9-nyg4
35
vulnerability VCID-pfk8-a2qg-jbhb
36
vulnerability VCID-qd5b-unsy-97dz
37
vulnerability VCID-r226-tfhq-cuhv
38
vulnerability VCID-rw7n-6hbe-43ef
39
vulnerability VCID-u4mn-ezb3-qkh3
40
vulnerability VCID-uhfy-dfrh-ayeh
41
vulnerability VCID-uwvh-bgst-t7ce
42
vulnerability VCID-uxdf-6rrb-sbe3
43
vulnerability VCID-v7pu-vaj7-zkev
44
vulnerability VCID-vh6h-7ru5-cqdt
45
vulnerability VCID-vmfr-8ypx-4uaw
46
vulnerability VCID-vs1g-f7nv-cqar
47
vulnerability VCID-vvca-akc1-uubk
48
vulnerability VCID-vx51-x6y6-h7ch
49
vulnerability VCID-wjsn-e7sj-n3gv
50
vulnerability VCID-wpn4-pqtk-tqb6
51
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.7.0
aliases CVE-2014-9601, GHSA-h5rf-vgqx-wjv2, PYSEC-2015-16
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6m2-dbrf-v3gy
44
url VCID-u4mn-ezb3-qkh3
vulnerability_id VCID-u4mn-ezb3-qkh3
summary
Uncontrolled Resource Consumption in pillow
### Impact
_Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large._

### Patches
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._

### Workarounds
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._

### References
https://nvd.nist.gov/vuln/detail/CVE-2021-27921

references
0
reference_url https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
1
reference_url https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
reference_id GHSA-jgpv-4h4c-xhw3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-ahkz-51ka-fbd6
7
vulnerability VCID-cetn-48cj-6ba8
8
vulnerability VCID-cmau-9zzd-rybf
9
vulnerability VCID-dayw-85a5-qba2
10
vulnerability VCID-gprf-a2wh-2kev
11
vulnerability VCID-hav3-e9x5-a3ch
12
vulnerability VCID-jfuf-62k6-tyem
13
vulnerability VCID-jypy-efwx-ybc8
14
vulnerability VCID-mj43-253b-m3dm
15
vulnerability VCID-qd5b-unsy-97dz
16
vulnerability VCID-uhfy-dfrh-ayeh
17
vulnerability VCID-uwvh-bgst-t7ce
18
vulnerability VCID-v7pu-vaj7-zkev
19
vulnerability VCID-vh6h-7ru5-cqdt
20
vulnerability VCID-wjsn-e7sj-n3gv
21
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases GHSA-jgpv-4h4c-xhw3, GMS-2021-167
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4mn-ezb3-qkh3
45
url VCID-uhfy-dfrh-ayeh
vulnerability_id VCID-uhfy-dfrh-ayeh
summary An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28675
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34434
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28675
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28675
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28675
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958240
reference_id 1958240
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958240
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
14
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
15
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
16
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
17
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-cetn-48cj-6ba8
7
vulnerability VCID-dayw-85a5-qba2
8
vulnerability VCID-gprf-a2wh-2kev
9
vulnerability VCID-jfuf-62k6-tyem
10
vulnerability VCID-jypy-efwx-ybc8
11
vulnerability VCID-mj43-253b-m3dm
12
vulnerability VCID-qd5b-unsy-97dz
13
vulnerability VCID-vh6h-7ru5-cqdt
14
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28675, CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhfy-dfrh-ayeh
46
url VCID-uwvh-bgst-t7ce
vulnerability_id VCID-uwvh-bgst-t7ce
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25287
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57185
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
8
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
9
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25287
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25287
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958226
reference_id 1958226
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958226
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
16
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
17
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
18
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
19
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-cetn-48cj-6ba8
7
vulnerability VCID-dayw-85a5-qba2
8
vulnerability VCID-gprf-a2wh-2kev
9
vulnerability VCID-jfuf-62k6-tyem
10
vulnerability VCID-jypy-efwx-ybc8
11
vulnerability VCID-mj43-253b-m3dm
12
vulnerability VCID-qd5b-unsy-97dz
13
vulnerability VCID-vh6h-7ru5-cqdt
14
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25287, CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwvh-bgst-t7ce
47
url VCID-uxdf-6rrb-sbe3
vulnerability_id VCID-uxdf-6rrb-sbe3
summary Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0775.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0775
reference_id
reference_type
scores
0
value 0.01069
scoring_system epss
scoring_elements 0.78029
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0775
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://github.com/advisories/GHSA-8xjv-v9xq-m5h9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8xjv-v9xq-m5h9
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
9
reference_url https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
10
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
11
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301621
reference_id 1301621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301621
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
reference_id 813909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0775
reference_id CVE-2016-0775
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0775
15
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
16
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-83et-rgnm-euc1
8
vulnerability VCID-845b-aeaq-3feb
9
vulnerability VCID-8apd-dsj2-9khf
10
vulnerability VCID-8mdk-5vqg-3ff9
11
vulnerability VCID-942z-u5pd-mye6
12
vulnerability VCID-9c72-qu4z-5kf7
13
vulnerability VCID-9x88-j4j1-kfe8
14
vulnerability VCID-ahkz-51ka-fbd6
15
vulnerability VCID-axd2-f48y-bfc8
16
vulnerability VCID-bje4-2uha-5ub7
17
vulnerability VCID-cetn-48cj-6ba8
18
vulnerability VCID-cmau-9zzd-rybf
19
vulnerability VCID-cwt1-ntk3-m7bw
20
vulnerability VCID-dayw-85a5-qba2
21
vulnerability VCID-ebcb-9v6a-kkeu
22
vulnerability VCID-gprf-a2wh-2kev
23
vulnerability VCID-gzp4-1t5f-ryht
24
vulnerability VCID-hasv-eaqf-9kdn
25
vulnerability VCID-hav3-e9x5-a3ch
26
vulnerability VCID-j1t4-wd8r-dybq
27
vulnerability VCID-j538-67dv-jkbw
28
vulnerability VCID-jfuf-62k6-tyem
29
vulnerability VCID-js6q-sank-e3d3
30
vulnerability VCID-jypy-efwx-ybc8
31
vulnerability VCID-mj43-253b-m3dm
32
vulnerability VCID-mvhz-n5yp-73ch
33
vulnerability VCID-mz11-74c9-nyg4
34
vulnerability VCID-qd5b-unsy-97dz
35
vulnerability VCID-r226-tfhq-cuhv
36
vulnerability VCID-u4mn-ezb3-qkh3
37
vulnerability VCID-uhfy-dfrh-ayeh
38
vulnerability VCID-uwvh-bgst-t7ce
39
vulnerability VCID-v7pu-vaj7-zkev
40
vulnerability VCID-vh6h-7ru5-cqdt
41
vulnerability VCID-vmfr-8ypx-4uaw
42
vulnerability VCID-vs1g-f7nv-cqar
43
vulnerability VCID-vvca-akc1-uubk
44
vulnerability VCID-vx51-x6y6-h7ch
45
vulnerability VCID-wjsn-e7sj-n3gv
46
vulnerability VCID-wpn4-pqtk-tqb6
47
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-0775, GHSA-8xjv-v9xq-m5h9, PYSEC-2016-6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxdf-6rrb-sbe3
48
url VCID-v7pu-vaj7-zkev
vulnerability_id VCID-v7pu-vaj7-zkev
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25291
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.67773
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25291
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-mvg9-xffr-p774
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mvg9-xffr-p774
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
8
reference_url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934692
reference_id 1934692
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934692
12
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
13
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5q9f-rt3h-u3fx
4
vulnerability VCID-73b3-qaq6-jbhp
5
vulnerability VCID-7sua-cya7-gka4
6
vulnerability VCID-9c72-qu4z-5kf7
7
vulnerability VCID-9x88-j4j1-kfe8
8
vulnerability VCID-ahkz-51ka-fbd6
9
vulnerability VCID-bje4-2uha-5ub7
10
vulnerability VCID-cetn-48cj-6ba8
11
vulnerability VCID-cmau-9zzd-rybf
12
vulnerability VCID-dayw-85a5-qba2
13
vulnerability VCID-gprf-a2wh-2kev
14
vulnerability VCID-hav3-e9x5-a3ch
15
vulnerability VCID-jfuf-62k6-tyem
16
vulnerability VCID-jypy-efwx-ybc8
17
vulnerability VCID-mj43-253b-m3dm
18
vulnerability VCID-qd5b-unsy-97dz
19
vulnerability VCID-uhfy-dfrh-ayeh
20
vulnerability VCID-uwvh-bgst-t7ce
21
vulnerability VCID-v7pu-vaj7-zkev
22
vulnerability VCID-vh6h-7ru5-cqdt
23
vulnerability VCID-wjsn-e7sj-n3gv
24
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-cetn-48cj-6ba8
7
vulnerability VCID-dayw-85a5-qba2
8
vulnerability VCID-gprf-a2wh-2kev
9
vulnerability VCID-jfuf-62k6-tyem
10
vulnerability VCID-jypy-efwx-ybc8
11
vulnerability VCID-mj43-253b-m3dm
12
vulnerability VCID-qd5b-unsy-97dz
13
vulnerability VCID-vh6h-7ru5-cqdt
14
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25291, CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7pu-vaj7-zkev
49
url VCID-vh6h-7ru5-cqdt
vulnerability_id VCID-vh6h-7ru5-cqdt
summary
libwebp: OOB write in BuildHuffmanTable
Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted HTML page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
1
reference_url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
2
reference_url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4863
reference_id
reference_type
scores
0
value 0.93301
scoring_system epss
scoring_elements 0.99816
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4863
4
reference_url https://blog.isosceles.com/the-webp-0day
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.isosceles.com/the-webp-0day
5
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1215231
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://bugzilla.suse.com/show_bug.cgi?id=1215231
6
reference_url https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
7
reference_url https://crbug.com/1479274
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://crbug.com/1479274
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
9
reference_url https://en.bandisoft.com/honeyview/history
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://en.bandisoft.com/honeyview/history
10
reference_url https://en.bandisoft.com/honeyview/history/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://en.bandisoft.com/honeyview/history/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
13
reference_url https://github.com/electron/electron/pull/39823
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39823
14
reference_url https://github.com/electron/electron/pull/39825
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39825
15
reference_url https://github.com/electron/electron/pull/39826
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39826
16
reference_url https://github.com/electron/electron/pull/39827
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39827
17
reference_url https://github.com/electron/electron/pull/39828
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39828
18
reference_url https://github.com/ImageMagick/ImageMagick/discussions/6664
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/discussions/6664
19
reference_url https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
20
reference_url https://github.com/jaredforth/webp/pull/30
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jaredforth/webp/pull/30
21
reference_url https://github.com/python-pillow/Pillow/pull/7395
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/7395
22
reference_url https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
23
reference_url https://github.com/qnighy/libwebp-sys2-rs/pull/21
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/qnighy/libwebp-sys2-rs/pull/21
24
reference_url https://github.com/webmproject/libwebp
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/webmproject/libwebp
25
reference_url https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
26
reference_url https://github.com/webmproject/libwebp/releases/tag/v1.3.2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://github.com/webmproject/libwebp/releases/tag/v1.3.2
27
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
28
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
29
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
42
reference_url https://news.ycombinator.com/item?id=37478403
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://news.ycombinator.com/item?id=37478403
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
44
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
45
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0060.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0060.html
46
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0061.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0061.html
47
reference_url https://security.gentoo.org/glsa/202309-05
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.gentoo.org/glsa/202309-05
48
reference_url https://security.gentoo.org/glsa/202401-10
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.gentoo.org/glsa/202401-10
49
reference_url https://security.netapp.com/advisory/ntap-20230929-0011
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230929-0011
50
reference_url https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
51
reference_url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
52
reference_url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
53
reference_url https://www.bentley.com/advisories/be-2023-0001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bentley.com/advisories/be-2023-0001
54
reference_url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
55
reference_url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
56
reference_url https://www.debian.org/security/2023/dsa-5496
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5496
57
reference_url https://www.debian.org/security/2023/dsa-5497
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5497
58
reference_url https://www.debian.org/security/2023/dsa-5498
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5498
59
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value critical
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
60
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
61
reference_url https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
62
reference_url http://www.openwall.com/lists/oss-security/2023/09/21/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/21/4
63
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/1
64
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/3
65
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/4
66
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/5
67
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/6
68
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/7
69
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/8
70
reference_url http://www.openwall.com/lists/oss-security/2023/09/26/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/26/1
71
reference_url http://www.openwall.com/lists/oss-security/2023/09/26/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/26/7
72
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/1
73
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/2
74
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/4
75
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
reference_id 1051787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
76
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2238431
reference_id 2238431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2238431
77
reference_url https://www.bentley.com/advisories/be-2023-0001/
reference_id be-2023-0001
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.bentley.com/advisories/be-2023-0001/
78
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
reference_id CVE-2023-4863
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
79
reference_url https://security-tracker.debian.org/tracker/CVE-2023-4863
reference_id CVE-2023-4863
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security-tracker.debian.org/tracker/CVE-2023-4863
80
reference_url https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
reference_id GHSA-j7hp-h8jx-5ppr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
81
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
reference_id KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
82
reference_url https://security.netapp.com/advisory/ntap-20230929-0011/
reference_id ntap-20230929-0011
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.netapp.com/advisory/ntap-20230929-0011/
83
reference_url https://access.redhat.com/errata/RHSA-2023:5183
reference_id RHSA-2023:5183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5183
84
reference_url https://access.redhat.com/errata/RHSA-2023:5184
reference_id RHSA-2023:5184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5184
85
reference_url https://access.redhat.com/errata/RHSA-2023:5185
reference_id RHSA-2023:5185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5185
86
reference_url https://access.redhat.com/errata/RHSA-2023:5186
reference_id RHSA-2023:5186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5186
87
reference_url https://access.redhat.com/errata/RHSA-2023:5187
reference_id RHSA-2023:5187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5187
88
reference_url https://access.redhat.com/errata/RHSA-2023:5188
reference_id RHSA-2023:5188
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5188
89
reference_url https://access.redhat.com/errata/RHSA-2023:5189
reference_id RHSA-2023:5189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5189
90
reference_url https://access.redhat.com/errata/RHSA-2023:5190
reference_id RHSA-2023:5190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5190
91
reference_url https://access.redhat.com/errata/RHSA-2023:5191
reference_id RHSA-2023:5191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5191
92
reference_url https://access.redhat.com/errata/RHSA-2023:5192
reference_id RHSA-2023:5192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5192
93
reference_url https://access.redhat.com/errata/RHSA-2023:5197
reference_id RHSA-2023:5197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5197
94
reference_url https://access.redhat.com/errata/RHSA-2023:5198
reference_id RHSA-2023:5198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5198
95
reference_url https://access.redhat.com/errata/RHSA-2023:5200
reference_id RHSA-2023:5200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5200
96
reference_url https://access.redhat.com/errata/RHSA-2023:5201
reference_id RHSA-2023:5201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5201
97
reference_url https://access.redhat.com/errata/RHSA-2023:5202
reference_id RHSA-2023:5202
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5202
98
reference_url https://access.redhat.com/errata/RHSA-2023:5204
reference_id RHSA-2023:5204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5204
99
reference_url https://access.redhat.com/errata/RHSA-2023:5205
reference_id RHSA-2023:5205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5205
100
reference_url https://access.redhat.com/errata/RHSA-2023:5214
reference_id RHSA-2023:5214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5214
101
reference_url https://access.redhat.com/errata/RHSA-2023:5222
reference_id RHSA-2023:5222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5222
102
reference_url https://access.redhat.com/errata/RHSA-2023:5223
reference_id RHSA-2023:5223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5223
103
reference_url https://access.redhat.com/errata/RHSA-2023:5224
reference_id RHSA-2023:5224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5224
104
reference_url https://access.redhat.com/errata/RHSA-2023:5236
reference_id RHSA-2023:5236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5236
105
reference_url https://access.redhat.com/errata/RHSA-2023:5309
reference_id RHSA-2023:5309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5309
106
reference_url https://usn.ubuntu.com/6367-1/
reference_id USN-6367-1
reference_type
scores
url https://usn.ubuntu.com/6367-1/
107
reference_url https://usn.ubuntu.com/6368-1/
reference_id USN-6368-1
reference_type
scores
url https://usn.ubuntu.com/6368-1/
108
reference_url https://usn.ubuntu.com/6369-1/
reference_id USN-6369-1
reference_type
scores
url https://usn.ubuntu.com/6369-1/
109
reference_url https://usn.ubuntu.com/6369-2/
reference_id USN-6369-2
reference_type
scores
url https://usn.ubuntu.com/6369-2/
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-9x88-j4j1-kfe8
2
vulnerability VCID-dayw-85a5-qba2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases CVE-2023-4863, GHSA-j7hp-h8jx-5ppr
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vh6h-7ru5-cqdt
50
url VCID-vmfr-8ypx-4uaw
vulnerability_id VCID-vmfr-8ypx-4uaw
summary Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
references
0
reference_url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9190.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9190.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9190
reference_id
reference_type
scores
0
value 0.00566
scoring_system epss
scoring_elements 0.6877
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9190
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-w4vg-rf63-f3j3
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w4vg-rf63-f3j3
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-9.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-9.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/issues/2105
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/2105
10
reference_url https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3710
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3710
13
reference_url http://www.securityfocus.com/bid/94234
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94234
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1382006
reference_id 1382006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1382006
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9190
reference_id CVE-2016-9190
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9190
16
reference_url https://usn.ubuntu.com/3229-1/
reference_id USN-3229-1
reference_type
scores
url https://usn.ubuntu.com/3229-1/
17
reference_url https://usn.ubuntu.com/3230-1/
reference_id USN-3230-1
reference_type
scores
url https://usn.ubuntu.com/3230-1/
fixed_packages
0
url pkg:pypi/pillow@3.3.2
purl pkg:pypi/pillow@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-83et-rgnm-euc1
8
vulnerability VCID-845b-aeaq-3feb
9
vulnerability VCID-8apd-dsj2-9khf
10
vulnerability VCID-8mdk-5vqg-3ff9
11
vulnerability VCID-942z-u5pd-mye6
12
vulnerability VCID-9c72-qu4z-5kf7
13
vulnerability VCID-9x88-j4j1-kfe8
14
vulnerability VCID-ahkz-51ka-fbd6
15
vulnerability VCID-axd2-f48y-bfc8
16
vulnerability VCID-bje4-2uha-5ub7
17
vulnerability VCID-cetn-48cj-6ba8
18
vulnerability VCID-cmau-9zzd-rybf
19
vulnerability VCID-cwt1-ntk3-m7bw
20
vulnerability VCID-dayw-85a5-qba2
21
vulnerability VCID-ebcb-9v6a-kkeu
22
vulnerability VCID-gprf-a2wh-2kev
23
vulnerability VCID-gzp4-1t5f-ryht
24
vulnerability VCID-hasv-eaqf-9kdn
25
vulnerability VCID-hav3-e9x5-a3ch
26
vulnerability VCID-j538-67dv-jkbw
27
vulnerability VCID-jfuf-62k6-tyem
28
vulnerability VCID-js6q-sank-e3d3
29
vulnerability VCID-jypy-efwx-ybc8
30
vulnerability VCID-mj43-253b-m3dm
31
vulnerability VCID-mvhz-n5yp-73ch
32
vulnerability VCID-mz11-74c9-nyg4
33
vulnerability VCID-qd5b-unsy-97dz
34
vulnerability VCID-r226-tfhq-cuhv
35
vulnerability VCID-u4mn-ezb3-qkh3
36
vulnerability VCID-uhfy-dfrh-ayeh
37
vulnerability VCID-uwvh-bgst-t7ce
38
vulnerability VCID-v7pu-vaj7-zkev
39
vulnerability VCID-vh6h-7ru5-cqdt
40
vulnerability VCID-vs1g-f7nv-cqar
41
vulnerability VCID-vx51-x6y6-h7ch
42
vulnerability VCID-wjsn-e7sj-n3gv
43
vulnerability VCID-wpn4-pqtk-tqb6
44
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2
aliases CVE-2016-9190, GHSA-w4vg-rf63-f3j3, PYSEC-2016-9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vmfr-8ypx-4uaw
51
url VCID-vs1g-f7nv-cqar
vulnerability_id VCID-vs1g-f7nv-cqar
summary An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
8
reference_url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
9
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
10
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.0
purl pkg:pypi/pillow@6.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-83et-rgnm-euc1
8
vulnerability VCID-845b-aeaq-3feb
9
vulnerability VCID-8apd-dsj2-9khf
10
vulnerability VCID-8mdk-5vqg-3ff9
11
vulnerability VCID-942z-u5pd-mye6
12
vulnerability VCID-9c72-qu4z-5kf7
13
vulnerability VCID-9x88-j4j1-kfe8
14
vulnerability VCID-ahkz-51ka-fbd6
15
vulnerability VCID-axd2-f48y-bfc8
16
vulnerability VCID-bje4-2uha-5ub7
17
vulnerability VCID-cetn-48cj-6ba8
18
vulnerability VCID-cmau-9zzd-rybf
19
vulnerability VCID-cwt1-ntk3-m7bw
20
vulnerability VCID-dayw-85a5-qba2
21
vulnerability VCID-ebcb-9v6a-kkeu
22
vulnerability VCID-gprf-a2wh-2kev
23
vulnerability VCID-gzp4-1t5f-ryht
24
vulnerability VCID-hasv-eaqf-9kdn
25
vulnerability VCID-hav3-e9x5-a3ch
26
vulnerability VCID-j538-67dv-jkbw
27
vulnerability VCID-jfuf-62k6-tyem
28
vulnerability VCID-js6q-sank-e3d3
29
vulnerability VCID-jypy-efwx-ybc8
30
vulnerability VCID-mj43-253b-m3dm
31
vulnerability VCID-mvhz-n5yp-73ch
32
vulnerability VCID-mz11-74c9-nyg4
33
vulnerability VCID-qd5b-unsy-97dz
34
vulnerability VCID-r226-tfhq-cuhv
35
vulnerability VCID-u4mn-ezb3-qkh3
36
vulnerability VCID-uhfy-dfrh-ayeh
37
vulnerability VCID-uwvh-bgst-t7ce
38
vulnerability VCID-v7pu-vaj7-zkev
39
vulnerability VCID-vh6h-7ru5-cqdt
40
vulnerability VCID-vx51-x6y6-h7ch
41
vulnerability VCID-wjsn-e7sj-n3gv
42
vulnerability VCID-wpn4-pqtk-tqb6
43
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0
aliases PYSEC-2019-40
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vs1g-f7nv-cqar
52
url VCID-vvca-akc1-uubk
vulnerability_id VCID-vvca-akc1-uubk
summary Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
references
0
reference_url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9189.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9189.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9189
reference_id
reference_type
scores
0
value 0.00358
scoring_system epss
scoring_elements 0.58272
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9189
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-rwr3-c2q8-gm56
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rwr3-c2q8-gm56
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-8.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-8.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/issues/2105
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/2105
10
reference_url https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3710
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3710
13
reference_url http://www.securityfocus.com/bid/94234
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94234
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1382000
reference_id 1382000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1382000
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9189
reference_id CVE-2016-9189
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9189
16
reference_url https://usn.ubuntu.com/3229-1/
reference_id USN-3229-1
reference_type
scores
url https://usn.ubuntu.com/3229-1/
17
reference_url https://usn.ubuntu.com/3230-1/
reference_id USN-3230-1
reference_type
scores
url https://usn.ubuntu.com/3230-1/
fixed_packages
0
url pkg:pypi/pillow@3.3.2
purl pkg:pypi/pillow@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-129z-nygm
1
vulnerability VCID-25gs-7e4x-9yga
2
vulnerability VCID-2jfs-uqp3-bqhc
3
vulnerability VCID-38rp-4m7c-4ue2
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-83et-rgnm-euc1
8
vulnerability VCID-845b-aeaq-3feb
9
vulnerability VCID-8apd-dsj2-9khf
10
vulnerability VCID-8mdk-5vqg-3ff9
11
vulnerability VCID-942z-u5pd-mye6
12
vulnerability VCID-9c72-qu4z-5kf7
13
vulnerability VCID-9x88-j4j1-kfe8
14
vulnerability VCID-ahkz-51ka-fbd6
15
vulnerability VCID-axd2-f48y-bfc8
16
vulnerability VCID-bje4-2uha-5ub7
17
vulnerability VCID-cetn-48cj-6ba8
18
vulnerability VCID-cmau-9zzd-rybf
19
vulnerability VCID-cwt1-ntk3-m7bw
20
vulnerability VCID-dayw-85a5-qba2
21
vulnerability VCID-ebcb-9v6a-kkeu
22
vulnerability VCID-gprf-a2wh-2kev
23
vulnerability VCID-gzp4-1t5f-ryht
24
vulnerability VCID-hasv-eaqf-9kdn
25
vulnerability VCID-hav3-e9x5-a3ch
26
vulnerability VCID-j538-67dv-jkbw
27
vulnerability VCID-jfuf-62k6-tyem
28
vulnerability VCID-js6q-sank-e3d3
29
vulnerability VCID-jypy-efwx-ybc8
30
vulnerability VCID-mj43-253b-m3dm
31
vulnerability VCID-mvhz-n5yp-73ch
32
vulnerability VCID-mz11-74c9-nyg4
33
vulnerability VCID-qd5b-unsy-97dz
34
vulnerability VCID-r226-tfhq-cuhv
35
vulnerability VCID-u4mn-ezb3-qkh3
36
vulnerability VCID-uhfy-dfrh-ayeh
37
vulnerability VCID-uwvh-bgst-t7ce
38
vulnerability VCID-v7pu-vaj7-zkev
39
vulnerability VCID-vh6h-7ru5-cqdt
40
vulnerability VCID-vs1g-f7nv-cqar
41
vulnerability VCID-vx51-x6y6-h7ch
42
vulnerability VCID-wjsn-e7sj-n3gv
43
vulnerability VCID-wpn4-pqtk-tqb6
44
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2
aliases CVE-2016-9189, GHSA-rwr3-c2q8-gm56, PYSEC-2016-8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvca-akc1-uubk
53
url VCID-vx51-x6y6-h7ch
vulnerability_id VCID-vx51-x6y6-h7ch
summary libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0580
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5311.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5311.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5311
reference_id
reference_type
scores
0
value 0.01146
scoring_system epss
scoring_elements 0.78771
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5311
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5311
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5311
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-r7rm-8j6h-r933
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r7rm-8j6h-r933
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-82.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-82.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5311
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5311
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
16
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
17
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
18
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789535
reference_id 1789535
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789535
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
21
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-845b-aeaq-3feb
8
vulnerability VCID-8apd-dsj2-9khf
9
vulnerability VCID-8mdk-5vqg-3ff9
10
vulnerability VCID-942z-u5pd-mye6
11
vulnerability VCID-9c72-qu4z-5kf7
12
vulnerability VCID-9x88-j4j1-kfe8
13
vulnerability VCID-ahkz-51ka-fbd6
14
vulnerability VCID-axd2-f48y-bfc8
15
vulnerability VCID-bje4-2uha-5ub7
16
vulnerability VCID-cetn-48cj-6ba8
17
vulnerability VCID-cmau-9zzd-rybf
18
vulnerability VCID-cwt1-ntk3-m7bw
19
vulnerability VCID-dayw-85a5-qba2
20
vulnerability VCID-ebcb-9v6a-kkeu
21
vulnerability VCID-gprf-a2wh-2kev
22
vulnerability VCID-hav3-e9x5-a3ch
23
vulnerability VCID-j538-67dv-jkbw
24
vulnerability VCID-jfuf-62k6-tyem
25
vulnerability VCID-jypy-efwx-ybc8
26
vulnerability VCID-mj43-253b-m3dm
27
vulnerability VCID-mvhz-n5yp-73ch
28
vulnerability VCID-mz11-74c9-nyg4
29
vulnerability VCID-qd5b-unsy-97dz
30
vulnerability VCID-u4mn-ezb3-qkh3
31
vulnerability VCID-uhfy-dfrh-ayeh
32
vulnerability VCID-uwvh-bgst-t7ce
33
vulnerability VCID-v7pu-vaj7-zkev
34
vulnerability VCID-vh6h-7ru5-cqdt
35
vulnerability VCID-wjsn-e7sj-n3gv
36
vulnerability VCID-wpn4-pqtk-tqb6
37
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases BIT-pillow-2020-5311, CVE-2020-5311, GHSA-r7rm-8j6h-r933, PYSEC-2020-82
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx51-x6y6-h7ch
54
url VCID-wjsn-e7sj-n3gv
vulnerability_id VCID-wjsn-e7sj-n3gv
summary An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28678
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.2913
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28678
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
8
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28678
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28678
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958263
reference_id 1958263
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958263
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
15
reference_url https://security.gentoo.org/glsa/202107-33
reference_id GLSA-202107-33
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-7sua-cya7-gka4
4
vulnerability VCID-9c72-qu4z-5kf7
5
vulnerability VCID-9x88-j4j1-kfe8
6
vulnerability VCID-cetn-48cj-6ba8
7
vulnerability VCID-dayw-85a5-qba2
8
vulnerability VCID-gprf-a2wh-2kev
9
vulnerability VCID-jfuf-62k6-tyem
10
vulnerability VCID-jypy-efwx-ybc8
11
vulnerability VCID-mj43-253b-m3dm
12
vulnerability VCID-qd5b-unsy-97dz
13
vulnerability VCID-vh6h-7ru5-cqdt
14
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28678, CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjsn-e7sj-n3gv
55
url VCID-wpn4-pqtk-tqb6
vulnerability_id VCID-wpn4-pqtk-tqb6
summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10177.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10177.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10177
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.55242
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10177
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-76.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-76.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/00c6dd72d9ed0124cec81040b4bab0979a200fe2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/00c6dd72d9ed0124cec81040b4bab0979a200fe2
8
reference_url https://github.com/python-pillow/Pillow/commit/088ce4df981b70fbec140ee54417bcb49a7dffca
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/088ce4df981b70fbec140ee54417bcb49a7dffca
9
reference_url https://github.com/python-pillow/Pillow/commit/11ef7ca53a7d0af4bc52666c29199deffa5fc1bd
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/11ef7ca53a7d0af4bc52666c29199deffa5fc1bd
10
reference_url https://github.com/python-pillow/Pillow/commit/19ff42bd683486a8a308743c76972ef6a6482e9b
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/19ff42bd683486a8a308743c76972ef6a6482e9b
11
reference_url https://github.com/python-pillow/Pillow/commit/5b490fc413dfab2d52de46a58905c25d9badb650
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5b490fc413dfab2d52de46a58905c25d9badb650
12
reference_url https://github.com/python-pillow/Pillow/commit/8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9
13
reference_url https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
14
reference_url https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
15
reference_url https://github.com/python-pillow/Pillow/commit/c66d8aa75436f334f686fe32bca8e414bcdd18e6
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c66d8aa75436f334f686fe32bca8e414bcdd18e6
16
reference_url https://github.com/python-pillow/Pillow/commit/c88b0204d7c930e3bd72626ae6ea078571cc0ea7
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c88b0204d7c930e3bd72626ae6ea078571cc0ea7
17
reference_url https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
18
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
19
reference_url https://github.com/python-pillow/Pillow/issues/4750
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/4750
20
reference_url https://github.com/python-pillow/Pillow/pull/4503
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4503
21
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
22
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
27
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
28
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
29
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
30
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-1
31
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
32
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
33
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852824
reference_id 1852824
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852824
35
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10177
reference_id CVE-2020-10177
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10177
36
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
37
reference_url https://usn.ubuntu.com/4697-2/
reference_id USN-4697-2
reference_type
scores
url https://usn.ubuntu.com/4697-2/
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-2jfs-uqp3-bqhc
2
vulnerability VCID-38rp-4m7c-4ue2
3
vulnerability VCID-5g7c-1486-7udv
4
vulnerability VCID-5q9f-rt3h-u3fx
5
vulnerability VCID-73b3-qaq6-jbhp
6
vulnerability VCID-7sua-cya7-gka4
7
vulnerability VCID-8apd-dsj2-9khf
8
vulnerability VCID-942z-u5pd-mye6
9
vulnerability VCID-9c72-qu4z-5kf7
10
vulnerability VCID-9x88-j4j1-kfe8
11
vulnerability VCID-ahkz-51ka-fbd6
12
vulnerability VCID-axd2-f48y-bfc8
13
vulnerability VCID-bje4-2uha-5ub7
14
vulnerability VCID-cetn-48cj-6ba8
15
vulnerability VCID-cmau-9zzd-rybf
16
vulnerability VCID-cwt1-ntk3-m7bw
17
vulnerability VCID-dayw-85a5-qba2
18
vulnerability VCID-ebcb-9v6a-kkeu
19
vulnerability VCID-gprf-a2wh-2kev
20
vulnerability VCID-hav3-e9x5-a3ch
21
vulnerability VCID-jfuf-62k6-tyem
22
vulnerability VCID-jypy-efwx-ybc8
23
vulnerability VCID-mj43-253b-m3dm
24
vulnerability VCID-mvhz-n5yp-73ch
25
vulnerability VCID-qd5b-unsy-97dz
26
vulnerability VCID-u4mn-ezb3-qkh3
27
vulnerability VCID-uhfy-dfrh-ayeh
28
vulnerability VCID-uwvh-bgst-t7ce
29
vulnerability VCID-v7pu-vaj7-zkev
30
vulnerability VCID-vh6h-7ru5-cqdt
31
vulnerability VCID-wjsn-e7sj-n3gv
32
vulnerability VCID-yt36-qqxp-qud5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-10177, CVE-2020-10177, GHSA-cqhg-xjhh-p8hf, PYSEC-2020-76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wpn4-pqtk-tqb6
56
url VCID-yt36-qqxp-qud5
vulnerability_id VCID-yt36-qqxp-qud5
summary path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22815
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26343
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
10
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
11
reference_url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
12
reference_url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
13
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5920
14
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
16
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5053
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042511
reference_id 2042511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042511
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
reference_id CVE-2022-22815
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
21
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25gs-7e4x-9yga
1
vulnerability VCID-38rp-4m7c-4ue2
2
vulnerability VCID-73b3-qaq6-jbhp
3
vulnerability VCID-9x88-j4j1-kfe8
4
vulnerability VCID-cetn-48cj-6ba8
5
vulnerability VCID-dayw-85a5-qba2
6
vulnerability VCID-gprf-a2wh-2kev
7
vulnerability VCID-jfuf-62k6-tyem
8
vulnerability VCID-jypy-efwx-ybc8
9
vulnerability VCID-vh6h-7ru5-cqdt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases BIT-pillow-2022-22815, CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yt36-qqxp-qud5
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@1.7.6