Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/pillow@6.2.0-1?distro=trixie

Type deb

Namespace debian

Name pillow

Version 6.2.0-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7.0.0-1

Latest_non_vulnerable_version 12.2.0-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-cas2-jb3y-vyhz

vulnerability_id VCID-cas2-jb3y-vyhz

summary An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

references

reference_url

https://access.redhat.com/errata/RHSA-2020:0566

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0566

reference_url

https://access.redhat.com/errata/RHSA-2020:0578

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0578

reference_url

https://access.redhat.com/errata/RHSA-2020:0580

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0580

reference_url

https://access.redhat.com/errata/RHSA-2020:0681

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0681

reference_url

https://access.redhat.com/errata/RHSA-2020:0683

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0683

reference_url

https://access.redhat.com/errata/RHSA-2020:0694

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0694

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16865.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16865.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16865

reference_id

reference_type

scores

value	0.03942
scoring_system	epss
scoring_elements	0.8829
published_at	2026-04-01T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88298
published_at	2026-04-02T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88313
published_at	2026-04-04T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88317
published_at	2026-04-07T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88336
published_at	2026-04-08T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88343
published_at	2026-04-09T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88353
published_at	2026-04-11T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88345
published_at	2026-04-13T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88358
published_at	2026-04-16T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88355
published_at	2026-04-18T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88354
published_at	2026-04-21T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88371
published_at	2026-04-24T12:55:00Z

value	0.03942
scoring_system	epss
scoring_elements	0.88375
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-j7mj-748x-7p78

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-j7mj-748x-7p78

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2019-110.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2019-110.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/ab52630d0644e42a75eb88b78b9a9d7438a6fbeb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/ab52630d0644e42a75eb88b78b9a9d7438a6fbeb

reference_url

https://github.com/python-pillow/Pillow/issues/4123

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/issues/4123

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16865

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16865

reference_url

https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html

reference_url

https://ubuntu.com/security/notices/USN-4272-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://ubuntu.com/security/notices/USN-4272-1

reference_url

https://usn.ubuntu.com/4272-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4272-1

reference_url	https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4272-1/

reference_url

https://www.debian.org/security/2020/dsa-4631

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2020/dsa-4631

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1774066
reference_id	1774066
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1774066

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow::::::::
reference_id	cpe:2.3:a:python:pillow::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

fixed_packages

url	pkg:deb/debian/pillow@6.2.0-1?distro=trixie
purl	pkg:deb/debian/pillow@6.2.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@6.2.0-1%3Fdistro=trixie

url	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/pillow@12.1.1-2?distro=trixie

purl pkg:deb/debian/pillow@12.1.1-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie

url	pkg:deb/debian/pillow@12.2.0-1?distro=trixie
purl	pkg:deb/debian/pillow@12.2.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.2.0-1%3Fdistro=trixie

aliases CVE-2019-16865, GHSA-j7mj-748x-7p78, PYSEC-2019-110

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cas2-jb3y-vyhz

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@6.2.0-1%3Fdistro=trixie

Package Instance