Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/python-pillow@5.1.1-11?arch=el8_1

Type rpm

Namespace redhat

Name python-pillow

Version 5.1.1-11

Qualifiers

arch	el8_1

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-b5a2-83ej-puaw

vulnerability_id

VCID-b5a2-83ej-puaw

summary

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11538.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11538

reference_id

reference_type

scores

value	0.00267
scoring_system	epss
scoring_elements	0.50043
published_at	2026-05-05T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50124
published_at	2026-04-29T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50171
published_at	2026-04-26T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50164
published_at	2026-04-24T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50181
published_at	2026-04-21T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50206
published_at	2026-04-18T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50205
published_at	2026-04-16T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.5016
published_at	2026-04-13T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50161
published_at	2026-04-12T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50187
published_at	2026-04-11T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.5017
published_at	2026-04-09T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50123
published_at	2026-04-07T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50177
published_at	2026-04-08T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50173
published_at	2026-04-04T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50145
published_at	2026-04-02T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50111
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-43fq-w8qq-v88h

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-43fq-w8qq-v88h

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-80.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-80.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security

reference_url

https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d

reference_url

https://github.com/python-pillow/Pillow/pull/4504

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/4504

reference_url

https://github.com/python-pillow/Pillow/pull/4538

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow/pull/4538

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11538

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11538

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html

reference_url

https://pillow.readthedocs.io/en/stable/releasenotes/index.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://pillow.readthedocs.io/en/stable/releasenotes/index.html

reference_url

https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574

reference_url

https://usn.ubuntu.com/4430-1

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4430-1

reference_url	https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4430-1/

reference_url

https://usn.ubuntu.com/4430-2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4430-2

reference_url	https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4430-2/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1852814
reference_id	1852814
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1852814

reference_url	https://access.redhat.com/errata/RHSA-2020:3185
reference_id	RHSA-2020:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3185

reference_url	https://access.redhat.com/errata/RHSA-2020:3299
reference_id	RHSA-2020:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3299

reference_url	https://access.redhat.com/errata/RHSA-2020:3302
reference_id	RHSA-2020:3302
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3302

reference_url	https://access.redhat.com/errata/RHSA-2021:0420
reference_id	RHSA-2021:0420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0420

fixed_packages

aliases

BIT-pillow-2020-11538, CVE-2020-11538, GHSA-43fq-w8qq-v88h, PYSEC-2020-80

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-b5a2-83ej-puaw

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-pillow@5.1.1-11%3Farch=el8_1

Package Instance