Package Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/935369?format=api",
    "purl": "pkg:deb/debian/pillow@0?distro=trixie",
    "type": "deb",
    "namespace": "debian",
    "name": "pillow",
    "version": "0",
    "qualifiers": {
        "distro": "trixie"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "2.4.0-1",
    "latest_non_vulnerable_version": "12.1.1-1",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9758?format=api",
            "vulnerability_id": "VCID-4n96-uzyf-tud6",
            "summary": "Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45199",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31532",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31343",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31372",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31391",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31358",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31394",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31437",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31434",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31403",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3135",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.0013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.32591",
                            "published_at": "2026-04-02T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45199"
                },
                {
                    "reference_url": "https://bugs.gentoo.org/878769",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://bugs.gentoo.org/878769"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42980.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42980.yaml"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/pull/6700",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/pull/6700"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/releases/tag/9.3.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/releases/tag/9.3.0"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45199",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45199"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202211-10",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.gentoo.org/glsa/202211-10"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024512",
                    "reference_id": "1024512",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024512"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q4mp-jvh2-76fj",
                    "reference_id": "GHSA-q4mp-jvh2-76fj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q4mp-jvh2-76fj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935369?format=api",
                    "purl": "pkg:deb/debian/pillow@0?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935347?format=api",
                    "purl": "pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935371?format=api",
                    "purl": "pkg:deb/debian/pillow@9.3.0-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.3.0-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935345?format=api",
                    "purl": "pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935349?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935348?format=api",
                    "purl": "pkg:deb/debian/pillow@12.1.1-2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "BIT-pillow-2022-45199",
                "CVE-2022-45199",
                "GHSA-q4mp-jvh2-76fj",
                "PYSEC-2022-42980"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4n96-uzyf-tud6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21433?format=api",
            "vulnerability_id": "VCID-67yw-ej31-8ub1",
            "summary": "Pillow affected by out-of-bounds write when loading PSD images\n### Impact\nAn out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.\n\n### Patches\nPillow 12.1.1 will be released shortly with a fix for this.\n\n### Workarounds\n`Image.open()` has a `formats` parameter that can be used to prevent PSD images from being opened.\n\n### References\nPillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25990.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25990.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25990",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04702",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04694",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04744",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04764",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04773",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0476",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04727",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04711",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04699",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00019",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05161",
                            "published_at": "2026-04-21T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25990"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-11T21:21:01Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/pull/9427",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/pull/9427"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-11T21:21:01Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
                },
                {
                    "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127925",
                    "reference_id": "1127925",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127925"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170",
                    "reference_id": "2439170",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cfh3-3jmp-rvhc",
                    "reference_id": "GHSA-cfh3-3jmp-rvhc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cfh3-3jmp-rvhc"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184",
                    "reference_id": "RHSA-2026:10184",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:10184"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461",
                    "reference_id": "RHSA-2026:3461",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:3461"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:3462",
                    "reference_id": "RHSA-2026:3462",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:3462"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:4128",
                    "reference_id": "RHSA-2026:4128",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:4128"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:4942",
                    "reference_id": "RHSA-2026:4942",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:4942"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:5168",
                    "reference_id": "RHSA-2026:5168",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:5168"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:5665",
                    "reference_id": "RHSA-2026:5665",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:5665"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6277",
                    "reference_id": "RHSA-2026:6277",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6277"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6278",
                    "reference_id": "RHSA-2026:6278",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6278"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6308",
                    "reference_id": "RHSA-2026:6308",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6308"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6309",
                    "reference_id": "RHSA-2026:6309",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6309"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6404",
                    "reference_id": "RHSA-2026:6404",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6404"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6497",
                    "reference_id": "RHSA-2026:6497",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6497"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6567",
                    "reference_id": "RHSA-2026:6567",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6567"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2026:6568",
                    "reference_id": "RHSA-2026:6568",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2026:6568"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/8047-1/",
                    "reference_id": "USN-8047-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/8047-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935369?format=api",
                    "purl": "pkg:deb/debian/pillow@0?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935347?format=api",
                    "purl": "pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935345?format=api",
                    "purl": "pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935349?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935375?format=api",
                    "purl": "pkg:deb/debian/pillow@12.1.1-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935348?format=api",
                    "purl": "pkg:deb/debian/pillow@12.1.1-2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2026-25990",
                "GHSA-cfh3-3jmp-rvhc"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-67yw-ej31-8ub1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351763?format=api",
            "vulnerability_id": "VCID-ca8h-871t-t3dd",
            "summary": "FITS GZIP decompression bomb in Pillow",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40192.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40192.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40192",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04594",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12749",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12754",
                            "published_at": "2026-04-18T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40192"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/pull/9521",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/pull/9521"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
                },
                {
                    "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/"
                        }
                    ],
                    "url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134198",
                    "reference_id": "1134198",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134198"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856",
                    "reference_id": "2458856",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-whj4-6x5x-4v2j",
                    "reference_id": "GHSA-whj4-6x5x-4v2j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-whj4-6x5x-4v2j"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
                    "reference_id": "GHSA-whj4-6x5x-4v2j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:37:11Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935369?format=api",
                    "purl": "pkg:deb/debian/pillow@0?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935347?format=api",
                    "purl": "pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935345?format=api",
                    "purl": "pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935349?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1072654?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u2%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "CVE-2026-40192",
                "GHSA-whj4-6x5x-4v2j"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca8h-871t-t3dd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8882?format=api",
            "vulnerability_id": "VCID-gwy8-wkwf-77c3",
            "summary": "libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30595.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30595.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30595",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65041",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65068",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65029",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65102",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65119",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65109",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65073",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65101",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65111",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65093",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.0048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65079",
                            "published_at": "2026-04-08T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30595"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-43145.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-43145.yaml"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30595",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30595"
                },
                {
                    "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087609",
                    "reference_id": "2087609",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087609"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hr8g-f6r6-mr22",
                    "reference_id": "GHSA-hr8g-f6r6-mr22",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hr8g-f6r6-mr22"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935369?format=api",
                    "purl": "pkg:deb/debian/pillow@0?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935347?format=api",
                    "purl": "pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935368?format=api",
                    "purl": "pkg:deb/debian/pillow@9.1.1-1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.1.1-1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935345?format=api",
                    "purl": "pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935349?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935348?format=api",
                    "purl": "pkg:deb/debian/pillow@12.1.1-2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "BIT-pillow-2022-30595",
                "CVE-2022-30595",
                "GHSA-hr8g-f6r6-mr22",
                "PYSEC-2022-43145"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwy8-wkwf-77c3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15202?format=api",
            "vulnerability_id": "VCID-nwmf-sbj1-buak",
            "summary": "Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48379.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48379.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48379",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11506",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11565",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1162",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11411",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11496",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11554",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11564",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1153",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11504",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11362",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11385",
                            "published_at": "2026-04-18T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48379"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2025-61.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2025-61.yaml"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/pull/9041",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/pull/9041"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375795",
                    "reference_id": "2375795",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375795"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2906",
                    "reference_id": "AVG-2906",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2906"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xg8h-j46f-w952",
                    "reference_id": "GHSA-xg8h-j46f-w952",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xg8h-j46f-w952"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15832",
                    "reference_id": "RHSA-2025:15832",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15832"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15836",
                    "reference_id": "RHSA-2025:15836",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15836"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15837",
                    "reference_id": "RHSA-2025:15837",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15837"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15838",
                    "reference_id": "RHSA-2025:15838",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15838"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15839",
                    "reference_id": "RHSA-2025:15839",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15839"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15840",
                    "reference_id": "RHSA-2025:15840",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15840"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15841",
                    "reference_id": "RHSA-2025:15841",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15841"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15842",
                    "reference_id": "RHSA-2025:15842",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15842"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15843",
                    "reference_id": "RHSA-2025:15843",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15843"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2025:15867",
                    "reference_id": "RHSA-2025:15867",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2025:15867"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935369?format=api",
                    "purl": "pkg:deb/debian/pillow@0?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935347?format=api",
                    "purl": "pkg:deb/debian/pillow@8.1.2%2Bdfsg-0.3%2Bdeb11u2?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@8.1.2%252Bdfsg-0.3%252Bdeb11u2%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935345?format=api",
                    "purl": "pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1?distro=trixie",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935349?format=api",
                    "purl": "pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u1?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u1%3Fdistro=trixie"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/935348?format=api",
                    "purl": "pkg:deb/debian/pillow@12.1.1-2?distro=trixie",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ca8h-871t-t3dd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@12.1.1-2%3Fdistro=trixie"
                }
            ],
            "aliases": [
                "BIT-pillow-2025-48379",
                "CVE-2025-48379",
                "GHSA-xg8h-j46f-w952",
                "PYSEC-2025-61"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwmf-sbj1-buak"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@0%3Fdistro=trixie"
}