Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/pillow@0?distro=trixie

Type deb

Namespace debian

Name pillow

Version 0

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.4.0-1

Latest_non_vulnerable_version 12.1.1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4n96-uzyf-tud6

vulnerability_id VCID-4n96-uzyf-tud6

summary Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-45199

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.31532
published_at	2026-04-04T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31343
published_at	2026-04-21T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31372
published_at	2026-04-18T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31391
published_at	2026-04-16T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31358
published_at	2026-04-13T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31394
published_at	2026-04-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31437
published_at	2026-04-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31434
published_at	2026-04-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31403
published_at	2026-04-08T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.3135
published_at	2026-04-07T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32591
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-45199

reference_url

https://bugs.gentoo.org/878769

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.gentoo.org/878769

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42980.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42980.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3

reference_url

https://github.com/python-pillow/Pillow/pull/6700

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/6700

reference_url

https://github.com/python-pillow/Pillow/releases/tag/9.3.0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/releases/tag/9.3.0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-45199

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-45199

reference_url

https://security.gentoo.org/glsa/202211-10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202211-10

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024512
reference_id	1024512
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024512

reference_url

https://github.com/advisories/GHSA-q4mp-jvh2-76fj

reference_id

GHSA-q4mp-jvh2-76fj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q4mp-jvh2-76fj

fixed_packages

url	pkg:deb/debian/pillow@0?distro=trixie
purl	pkg:deb/debian/pillow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie

url	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/pillow@9.3.0-1?distro=trixie
purl	pkg:deb/debian/pillow@9.3.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.3.0-1%3Fdistro=trixie

url	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/pillow@12.1.1-2?distro=trixie

purl pkg:deb/debian/pillow@12.1.1-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie

aliases BIT-pillow-2022-45199, CVE-2022-45199, GHSA-q4mp-jvh2-76fj, PYSEC-2022-42980

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n96-uzyf-tud6

url VCID-67yw-ej31-8ub1

vulnerability_id VCID-67yw-ej31-8ub1

summary

Pillow affected by out-of-bounds write when loading PSD images
### Impact
An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.

### Patches
Pillow 12.1.1 will be released shortly with a fix for this.

### Workarounds
`Image.open()` has a `formats` parameter that can be used to prevent PSD images from being opened.

### References
Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25990.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25990.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25990

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04702
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04694
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04744
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04764
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04773
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0476
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04727
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04711
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04699
published_at	2026-04-02T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05161
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25990

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199

reference_url

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-11T21:21:01Z/

url

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa

reference_url

https://github.com/python-pillow/Pillow/pull/9427

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/9427

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-11T21:21:01Z/

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25990

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25990

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

reference_id

reference_type

scores

value	8.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127925
reference_id	1127925
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127925

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2439170
reference_id	2439170
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2439170

reference_url

https://github.com/advisories/GHSA-cfh3-3jmp-rvhc

reference_id

GHSA-cfh3-3jmp-rvhc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cfh3-3jmp-rvhc

reference_url	https://access.redhat.com/errata/RHSA-2026:10184
reference_id	RHSA-2026:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10184

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://access.redhat.com/errata/RHSA-2026:4128
reference_id	RHSA-2026:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4128

reference_url	https://access.redhat.com/errata/RHSA-2026:4942
reference_id	RHSA-2026:4942
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4942

reference_url	https://access.redhat.com/errata/RHSA-2026:5168
reference_id	RHSA-2026:5168
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5168

reference_url	https://access.redhat.com/errata/RHSA-2026:5665
reference_id	RHSA-2026:5665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5665

reference_url	https://access.redhat.com/errata/RHSA-2026:6277
reference_id	RHSA-2026:6277
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6277

reference_url	https://access.redhat.com/errata/RHSA-2026:6278
reference_id	RHSA-2026:6278
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6278

reference_url	https://access.redhat.com/errata/RHSA-2026:6308
reference_id	RHSA-2026:6308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6308

reference_url	https://access.redhat.com/errata/RHSA-2026:6309
reference_id	RHSA-2026:6309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6309

reference_url	https://access.redhat.com/errata/RHSA-2026:6404
reference_id	RHSA-2026:6404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6404

reference_url	https://access.redhat.com/errata/RHSA-2026:6497
reference_id	RHSA-2026:6497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6497

reference_url	https://access.redhat.com/errata/RHSA-2026:6567
reference_id	RHSA-2026:6567
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6567

reference_url	https://access.redhat.com/errata/RHSA-2026:6568
reference_id	RHSA-2026:6568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6568

reference_url	https://usn.ubuntu.com/8047-1/
reference_id	USN-8047-1
reference_type
scores
url	https://usn.ubuntu.com/8047-1/

fixed_packages

url	pkg:deb/debian/pillow@0?distro=trixie
purl	pkg:deb/debian/pillow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie

url	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pillow@12.1.1-1?distro=trixie
purl	pkg:deb/debian/pillow@12.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-1%3Fdistro=trixie

url pkg:deb/debian/pillow@12.1.1-2?distro=trixie

purl pkg:deb/debian/pillow@12.1.1-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie

aliases CVE-2026-25990, GHSA-cfh3-3jmp-rvhc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67yw-ej31-8ub1

url VCID-ca8h-871t-t3dd

vulnerability_id VCID-ca8h-871t-t3dd

summary FITS GZIP decompression bomb in Pillow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40192.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40192.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40192

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04594
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12749
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12754
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40192

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/

url

https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628

reference_url

https://github.com/python-pillow/Pillow/pull/9521

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/

url

https://github.com/python-pillow/Pillow/pull/9521

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40192

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40192

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/

url

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134198
reference_id	1134198
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134198

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2458856
reference_id	2458856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2458856

reference_url

https://github.com/advisories/GHSA-whj4-6x5x-4v2j

reference_id

GHSA-whj4-6x5x-4v2j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-whj4-6x5x-4v2j

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j

reference_id

GHSA-whj4-6x5x-4v2j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j

fixed_packages

url	pkg:deb/debian/pillow@0?distro=trixie
purl	pkg:deb/debian/pillow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie

url	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u2%3Fdistro=trixie

aliases CVE-2026-40192, GHSA-whj4-6x5x-4v2j

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ca8h-871t-t3dd

url VCID-gwy8-wkwf-77c3

vulnerability_id VCID-gwy8-wkwf-77c3

summary libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30595.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30595.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30595

reference_id

reference_type

scores

value	0.0048
scoring_system	epss
scoring_elements	0.65041
published_at	2026-04-02T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65068
published_at	2026-04-04T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65029
published_at	2026-04-07T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65102
published_at	2026-04-21T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65119
published_at	2026-04-18T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65109
published_at	2026-04-16T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65073
published_at	2026-04-13T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65101
published_at	2026-04-12T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65111
published_at	2026-04-11T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65093
published_at	2026-04-09T12:55:00Z

value	0.0048
scoring_system	epss
scoring_elements	0.65079
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30595

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-43145.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-43145.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c

reference_url

https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-30595

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-30595

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2087609
reference_id	2087609
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2087609

reference_url

https://github.com/advisories/GHSA-hr8g-f6r6-mr22

reference_id

GHSA-hr8g-f6r6-mr22

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hr8g-f6r6-mr22

fixed_packages

url	pkg:deb/debian/pillow@0?distro=trixie
purl	pkg:deb/debian/pillow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie

url	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/pillow@9.1.1-1?distro=trixie
purl	pkg:deb/debian/pillow@9.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.1.1-1%3Fdistro=trixie

url	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/pillow@12.1.1-2?distro=trixie

purl pkg:deb/debian/pillow@12.1.1-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie

aliases BIT-pillow-2022-30595, CVE-2022-30595, GHSA-hr8g-f6r6-mr22, PYSEC-2022-43145

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwy8-wkwf-77c3

url VCID-nwmf-sbj1-buak

vulnerability_id VCID-nwmf-sbj1-buak

summary Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48379.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48379.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48379

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11506
published_at	2026-04-21T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11565
published_at	2026-04-02T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.1162
published_at	2026-04-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11411
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11496
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11554
published_at	2026-04-09T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11564
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.1153
published_at	2026-04-12T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11504
published_at	2026-04-13T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11362
published_at	2026-04-16T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11385
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48379

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2025-61.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2025-61.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/

url

https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4

reference_url

https://github.com/python-pillow/Pillow/pull/9041

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/

url

https://github.com/python-pillow/Pillow/pull/9041

reference_url

https://github.com/python-pillow/Pillow/releases/tag/11.3.0

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/

url

https://github.com/python-pillow/Pillow/releases/tag/11.3.0

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-48379

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-48379

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2375795
reference_id	2375795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2375795

reference_url

https://security.archlinux.org/AVG-2906

reference_id

AVG-2906

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2906

reference_url

https://github.com/advisories/GHSA-xg8h-j46f-w952

reference_id

GHSA-xg8h-j46f-w952

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xg8h-j46f-w952

reference_url	https://access.redhat.com/errata/RHSA-2025:15832
reference_id	RHSA-2025:15832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15832

reference_url	https://access.redhat.com/errata/RHSA-2025:15836
reference_id	RHSA-2025:15836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15836

reference_url	https://access.redhat.com/errata/RHSA-2025:15837
reference_id	RHSA-2025:15837
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15837

reference_url	https://access.redhat.com/errata/RHSA-2025:15838
reference_id	RHSA-2025:15838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15838

reference_url	https://access.redhat.com/errata/RHSA-2025:15839
reference_id	RHSA-2025:15839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15839

reference_url	https://access.redhat.com/errata/RHSA-2025:15840
reference_id	RHSA-2025:15840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15840

reference_url	https://access.redhat.com/errata/RHSA-2025:15841
reference_id	RHSA-2025:15841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15841

reference_url	https://access.redhat.com/errata/RHSA-2025:15842
reference_id	RHSA-2025:15842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15842

reference_url	https://access.redhat.com/errata/RHSA-2025:15843
reference_id	RHSA-2025:15843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15843

reference_url	https://access.redhat.com/errata/RHSA-2025:15867
reference_id	RHSA-2025:15867
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15867

fixed_packages

url	pkg:deb/debian/pillow@0?distro=trixie
purl	pkg:deb/debian/pillow@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie

url	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/pillow@12.1.1-2?distro=trixie

purl pkg:deb/debian/pillow@12.1.1-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca8h-871t-t3dd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie

aliases BIT-pillow-2025-48379, CVE-2025-48379, GHSA-xg8h-j46f-w952, PYSEC-2025-61

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwmf-sbj1-buak

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie

Package Instance