Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pillow@11.3.0

Type pypi

Namespace

Name pillow

Version 11.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 12.2.0

Latest_non_vulnerable_version 12.2.0

Affected_by_vulnerabilities

url VCID-9x88-j4j1-kfe8

vulnerability_id VCID-9x88-j4j1-kfe8

summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42308.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42308

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03149
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42308

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/

url

https://github.com/python-pillow/Pillow/releases/tag/12.2.0

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:02:54Z/

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-42308

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-42308

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2468457
reference_id	2468457
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2468457

reference_url

https://github.com/advisories/GHSA-wjx4-4jcj-g98j

reference_id

GHSA-wjx4-4jcj-g98j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wjx4-4jcj-g98j

fixed_packages

url	pkg:pypi/pillow@12.2.0
purl	pkg:pypi/pillow@12.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0

aliases BIT-pillow-2026-42308, CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9x88-j4j1-kfe8

Fixing_vulnerabilities

url VCID-mf13-ce4h-vkhj

vulnerability_id VCID-mf13-ce4h-vkhj

summary arbitrary code execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48379.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48379.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48379

reference_id

reference_type

scores

value	0.00103
scoring_system	epss
scoring_elements	0.27879
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48379

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2025-61.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2025-61.yaml

reference_url

https://github.com/python-pillow/Pillow

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/python-pillow/Pillow

reference_url

https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/

url

https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4

reference_url

https://github.com/python-pillow/Pillow/pull/9041

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/

url

https://github.com/python-pillow/Pillow/pull/9041

reference_url

https://github.com/python-pillow/Pillow/releases/tag/11.3.0

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/

url

https://github.com/python-pillow/Pillow/releases/tag/11.3.0

reference_url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-01T19:42:09Z/

url

https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-48379

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-48379

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2375795
reference_id	2375795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2375795

reference_url

https://security.archlinux.org/AVG-2906

reference_id

AVG-2906

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2906

reference_url	https://github.com/advisories/GHSA-xg8h-j46f-w952
reference_id	GHSA-xg8h-j46f-w952
reference_type
scores
url	https://github.com/advisories/GHSA-xg8h-j46f-w952

reference_url	https://access.redhat.com/errata/RHSA-2025:15832
reference_id	RHSA-2025:15832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15832

reference_url	https://access.redhat.com/errata/RHSA-2025:15836
reference_id	RHSA-2025:15836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15836

reference_url	https://access.redhat.com/errata/RHSA-2025:15837
reference_id	RHSA-2025:15837
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15837

reference_url	https://access.redhat.com/errata/RHSA-2025:15838
reference_id	RHSA-2025:15838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15838

reference_url	https://access.redhat.com/errata/RHSA-2025:15839
reference_id	RHSA-2025:15839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15839

reference_url	https://access.redhat.com/errata/RHSA-2025:15840
reference_id	RHSA-2025:15840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15840

reference_url	https://access.redhat.com/errata/RHSA-2025:15841
reference_id	RHSA-2025:15841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15841

reference_url	https://access.redhat.com/errata/RHSA-2025:15842
reference_id	RHSA-2025:15842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15842

reference_url	https://access.redhat.com/errata/RHSA-2025:15843
reference_id	RHSA-2025:15843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15843

reference_url	https://access.redhat.com/errata/RHSA-2025:15867
reference_id	RHSA-2025:15867
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15867

fixed_packages

url pkg:pypi/pillow@11.3.0

purl pkg:pypi/pillow@11.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9x88-j4j1-kfe8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@11.3.0

aliases BIT-pillow-2025-48379, CVE-2025-48379, GHSA-xg8h-j46f-w952, PYSEC-2025-61

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mf13-ce4h-vkhj

Risk_score 2.8

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@11.3.0

Package Instance