VulnerableCode Package Details - pkg:rpm/redhat/python-pillow@5.1.1-14?arch=el8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/python-pillow@5.1.1-14?arch=el8_2

purl	pkg:rpm/redhat/python-pillow@5.1.1-14?arch=el8_2

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-df4x-jt3h-17hx Aliases: BIT-pillow-2022-22816 CVE-2022-22816 GHSA-xrcv-f9gm-v42c PYSEC-2022-9	path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.	There are no reported fixed by versions.
VCID-q4bb-qnxe-8bfa Aliases: BIT-pillow-2022-22817 CVE-2022-22817 GHSA-8vj2-vxx3-667w PYSEC-2022-10	PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:00:37.273642+00:00	RedHat Importer	Affected by	VCID-q4bb-qnxe-8bfa	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json	38.0.0
2026-04-01T14:00:37.152775+00:00	RedHat Importer	Affected by	VCID-df4x-jt3h-17hx	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json	38.0.0