| 0 |
| url |
VCID-3qb5-8p8w-gkad |
| vulnerability_id |
VCID-3qb5-8p8w-gkad |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27921 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61759 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61937 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61933 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61889 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61909 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61921 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.619 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61885 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61835 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61864 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61833 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62258 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62364 |
| published_at |
2026-05-14T12:55:00Z |
|
| 13 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.6231 |
| published_at |
2026-05-12T12:55:00Z |
|
| 14 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62283 |
| published_at |
2026-05-11T12:55:00Z |
|
| 15 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.6233 |
| published_at |
2026-05-09T12:55:00Z |
|
| 16 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62272 |
| published_at |
2026-05-07T12:55:00Z |
|
| 17 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62224 |
| published_at |
2026-05-05T12:55:00Z |
|
| 18 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62278 |
| published_at |
2026-04-29T12:55:00Z |
|
| 19 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62285 |
| published_at |
2026-04-26T12:55:00Z |
|
| 20 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62268 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27921 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-27921, CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3qb5-8p8w-gkad |
|
| 1 |
| url |
VCID-3uk9-eds5-rkgc |
| vulnerability_id |
VCID-3uk9-eds5-rkgc |
| summary |
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28675 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.3008 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.301 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30086 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30135 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30179 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30176 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.3014 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30081 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30263 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30214 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.30183 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.34311 |
| published_at |
2026-05-14T12:55:00Z |
|
| 12 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.34445 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.34426 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.3434 |
| published_at |
2026-04-29T12:55:00Z |
|
| 15 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.34212 |
| published_at |
2026-05-05T12:55:00Z |
|
| 16 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.34283 |
| published_at |
2026-05-07T12:55:00Z |
|
| 17 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.34321 |
| published_at |
2026-05-09T12:55:00Z |
|
| 18 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.34215 |
| published_at |
2026-05-11T12:55:00Z |
|
| 19 |
| value |
0.00144 |
| scoring_system |
epss |
| scoring_elements |
0.34242 |
| published_at |
2026-05-12T12:55:00Z |
|
| 20 |
| value |
0.00148 |
| scoring_system |
epss |
| scoring_elements |
0.35257 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28675 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-28675, CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3uk9-eds5-rkgc |
|
| 2 |
| url |
VCID-53ac-ceq4-qkhf |
| vulnerability_id |
VCID-53ac-ceq4-qkhf |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27922 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34701 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34887 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34909 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34936 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34814 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34859 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34853 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34869 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.3483 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34854 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00145 |
| scoring_system |
epss |
| scoring_elements |
0.34891 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54574 |
| published_at |
2026-04-26T12:55:00Z |
|
| 12 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.5456 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54591 |
| published_at |
2026-04-21T12:55:00Z |
|
| 14 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54648 |
| published_at |
2026-05-14T12:55:00Z |
|
| 15 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54583 |
| published_at |
2026-05-12T12:55:00Z |
|
| 16 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54557 |
| published_at |
2026-05-11T12:55:00Z |
|
| 17 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54597 |
| published_at |
2026-05-09T12:55:00Z |
|
| 18 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54544 |
| published_at |
2026-05-07T12:55:00Z |
|
| 19 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54502 |
| published_at |
2026-05-05T12:55:00Z |
|
| 20 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54553 |
| published_at |
2026-04-29T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27922 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-27922, CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-53ac-ceq4-qkhf |
|
| 3 |
| url |
VCID-aubw-tsmn-ffcq |
| vulnerability_id |
VCID-aubw-tsmn-ffcq |
| summary |
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28677 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.4974 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49668 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.4964 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49664 |
| published_at |
2026-05-07T12:55:00Z |
|
| 4 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49605 |
| published_at |
2026-05-05T12:55:00Z |
|
| 5 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49691 |
| published_at |
2026-05-09T12:55:00Z |
|
| 6 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49735 |
| published_at |
2026-04-26T12:55:00Z |
|
| 7 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49763 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49716 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49715 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49743 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49731 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49676 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49726 |
| published_at |
2026-04-24T12:55:00Z |
|
| 14 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49698 |
| published_at |
2026-04-02T12:55:00Z |
|
| 15 |
| value |
0.00263 |
| scoring_system |
epss |
| scoring_elements |
0.49667 |
| published_at |
2026-04-01T12:55:00Z |
|
| 16 |
| value |
0.00271 |
| scoring_system |
epss |
| scoring_elements |
0.5057 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28677 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-28677, CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-aubw-tsmn-ffcq |
|
| 4 |
| url |
VCID-en6t-uxtq-bfek |
| vulnerability_id |
VCID-en6t-uxtq-bfek |
| summary |
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25289 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43036 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43048 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.42988 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43005 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.4304 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43017 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43004 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.42954 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.43018 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.4299 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00206 |
| scoring_system |
epss |
| scoring_elements |
0.42926 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.00762 |
| scoring_system |
epss |
| scoring_elements |
0.7353 |
| published_at |
2026-05-14T12:55:00Z |
|
| 12 |
| value |
0.00762 |
| scoring_system |
epss |
| scoring_elements |
0.73401 |
| published_at |
2026-04-21T12:55:00Z |
|
| 13 |
| value |
0.00762 |
| scoring_system |
epss |
| scoring_elements |
0.73465 |
| published_at |
2026-05-07T12:55:00Z |
|
| 14 |
| value |
0.00762 |
| scoring_system |
epss |
| scoring_elements |
0.73489 |
| published_at |
2026-05-09T12:55:00Z |
|
| 15 |
| value |
0.00762 |
| scoring_system |
epss |
| scoring_elements |
0.73449 |
| published_at |
2026-05-11T12:55:00Z |
|
| 16 |
| value |
0.00762 |
| scoring_system |
epss |
| scoring_elements |
0.73472 |
| published_at |
2026-05-12T12:55:00Z |
|
| 17 |
| value |
0.0083 |
| scoring_system |
epss |
| scoring_elements |
0.746 |
| published_at |
2026-04-24T12:55:00Z |
|
| 18 |
| value |
0.0083 |
| scoring_system |
epss |
| scoring_elements |
0.7461 |
| published_at |
2026-05-05T12:55:00Z |
|
| 19 |
| value |
0.0083 |
| scoring_system |
epss |
| scoring_elements |
0.74607 |
| published_at |
2026-04-29T12:55:00Z |
|
| 20 |
| value |
0.0083 |
| scoring_system |
epss |
| scoring_elements |
0.74606 |
| published_at |
2026-04-26T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25289 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-57h3-9rgr-c24m |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-57h3-9rgr-c24m |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-25289, CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-en6t-uxtq-bfek |
|
| 5 |
| url |
VCID-gvjw-funa-sqak |
| vulnerability_id |
VCID-gvjw-funa-sqak |
| summary |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27923 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61885 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61759 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61833 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61864 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61835 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61937 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61933 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61889 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61909 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.61921 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00419 |
| scoring_system |
epss |
| scoring_elements |
0.619 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62268 |
| published_at |
2026-04-24T12:55:00Z |
|
| 12 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62224 |
| published_at |
2026-05-05T12:55:00Z |
|
| 13 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62278 |
| published_at |
2026-04-29T12:55:00Z |
|
| 14 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62285 |
| published_at |
2026-04-26T12:55:00Z |
|
| 15 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62258 |
| published_at |
2026-04-21T12:55:00Z |
|
| 16 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62364 |
| published_at |
2026-05-14T12:55:00Z |
|
| 17 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.6231 |
| published_at |
2026-05-12T12:55:00Z |
|
| 18 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62283 |
| published_at |
2026-05-11T12:55:00Z |
|
| 19 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.6233 |
| published_at |
2026-05-09T12:55:00Z |
|
| 20 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62272 |
| published_at |
2026-05-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27923 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-27923, CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gvjw-funa-sqak |
|
| 6 |
| url |
VCID-n1w5-f5p7-xuhb |
| vulnerability_id |
VCID-n1w5-f5p7-xuhb |
| summary |
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25287 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57018 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56957 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56932 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5698 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56919 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56873 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5692 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56936 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56981 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57025 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57014 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57011 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56961 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56985 |
| published_at |
2026-04-04T12:55:00Z |
|
| 14 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56963 |
| published_at |
2026-04-02T12:55:00Z |
|
| 15 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56866 |
| published_at |
2026-04-01T12:55:00Z |
|
| 16 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57007 |
| published_at |
2026-04-18T12:55:00Z |
|
| 17 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.5701 |
| published_at |
2026-04-16T12:55:00Z |
|
| 18 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.57005 |
| published_at |
2026-04-12T12:55:00Z |
|
| 19 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57655 |
| published_at |
2026-04-24T12:55:00Z |
|
| 20 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57699 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25287 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-25287, CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n1w5-f5p7-xuhb |
|
| 7 |
| url |
VCID-p6r3-puh1-zyg6 |
| vulnerability_id |
VCID-p6r3-puh1-zyg6 |
| summary |
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25293 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27731 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27723 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.2778 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27822 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27816 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27773 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27705 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27913 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27873 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.001 |
| scoring_system |
epss |
| scoring_elements |
0.27823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37624 |
| published_at |
2026-05-14T12:55:00Z |
|
| 11 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38018 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37803 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37781 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37686 |
| published_at |
2026-04-29T12:55:00Z |
|
| 15 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37573 |
| published_at |
2026-05-05T12:55:00Z |
|
| 16 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37643 |
| published_at |
2026-05-07T12:55:00Z |
|
| 17 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.3766 |
| published_at |
2026-05-09T12:55:00Z |
|
| 18 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37574 |
| published_at |
2026-05-11T12:55:00Z |
|
| 19 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37547 |
| published_at |
2026-05-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25293 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-25293, CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p6r3-puh1-zyg6 |
|
| 8 |
| url |
VCID-rncf-9nf8-wud3 |
| vulnerability_id |
VCID-rncf-9nf8-wud3 |
| summary |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25290 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34335 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34596 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34558 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34582 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34621 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.3462 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34591 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34548 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34679 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00143 |
| scoring_system |
epss |
| scoring_elements |
0.34653 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.47273 |
| published_at |
2026-05-14T12:55:00Z |
|
| 11 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.47205 |
| published_at |
2026-05-12T12:55:00Z |
|
| 12 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.47173 |
| published_at |
2026-05-11T12:55:00Z |
|
| 13 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.47229 |
| published_at |
2026-05-09T12:55:00Z |
|
| 14 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.4721 |
| published_at |
2026-05-07T12:55:00Z |
|
| 15 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.47146 |
| published_at |
2026-05-05T12:55:00Z |
|
| 16 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.4723 |
| published_at |
2026-04-29T12:55:00Z |
|
| 17 |
| value |
0.0024 |
| scoring_system |
epss |
| scoring_elements |
0.47283 |
| published_at |
2026-04-26T12:55:00Z |
|
| 18 |
| value |
0.00247 |
| scoring_system |
epss |
| scoring_elements |
0.47959 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25290 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-25290, CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rncf-9nf8-wud3 |
|
| 9 |
| url |
VCID-ue18-zzau-x7hy |
| vulnerability_id |
VCID-ue18-zzau-x7hy |
| summary |
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25288 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50194 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50119 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.5009 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50137 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50108 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50055 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50138 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50184 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50179 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50231 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50196 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50186 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50224 |
| published_at |
2026-04-11T12:55:00Z |
|
| 13 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50203 |
| published_at |
2026-04-08T12:55:00Z |
|
| 14 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50125 |
| published_at |
2026-04-01T12:55:00Z |
|
| 15 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50171 |
| published_at |
2026-04-02T12:55:00Z |
|
| 16 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50198 |
| published_at |
2026-04-12T12:55:00Z |
|
| 17 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.50149 |
| published_at |
2026-04-07T12:55:00Z |
|
| 18 |
| value |
0.00267 |
| scoring_system |
epss |
| scoring_elements |
0.5023 |
| published_at |
2026-04-16T12:55:00Z |
|
| 19 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50917 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25288 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-25288, CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
|
| risk_score |
4.1 |
| exploitability |
0.5 |
| weighted_severity |
8.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ue18-zzau-x7hy |
|
| 10 |
| url |
VCID-vwbu-ruxm-tbh4 |
| vulnerability_id |
VCID-vwbu-ruxm-tbh4 |
| summary |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25291 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67647 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67398 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67434 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67455 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67486 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.675 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67523 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.6751 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67476 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67512 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67524 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67503 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67522 |
| published_at |
2026-04-24T12:55:00Z |
|
| 13 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67533 |
| published_at |
2026-04-26T12:55:00Z |
|
| 14 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67534 |
| published_at |
2026-04-29T12:55:00Z |
|
| 15 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67508 |
| published_at |
2026-05-05T12:55:00Z |
|
| 16 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67552 |
| published_at |
2026-05-07T12:55:00Z |
|
| 17 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67589 |
| published_at |
2026-05-09T12:55:00Z |
|
| 18 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67561 |
| published_at |
2026-05-11T12:55:00Z |
|
| 19 |
| value |
0.00536 |
| scoring_system |
epss |
| scoring_elements |
0.67586 |
| published_at |
2026-05-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25291 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-25291, CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vwbu-ruxm-tbh4 |
|
| 11 |
| url |
VCID-vxh1-8rvt-kkak |
| vulnerability_id |
VCID-vxh1-8rvt-kkak |
| summary |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25292 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35203 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35172 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35224 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35252 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35024 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35133 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35177 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35186 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35148 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35173 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00147 |
| scoring_system |
epss |
| scoring_elements |
0.35208 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.40129 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39829 |
| published_at |
2026-05-14T12:55:00Z |
|
| 13 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39758 |
| published_at |
2026-05-12T12:55:00Z |
|
| 14 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39733 |
| published_at |
2026-05-11T12:55:00Z |
|
| 15 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39817 |
| published_at |
2026-05-09T12:55:00Z |
|
| 16 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39797 |
| published_at |
2026-05-07T12:55:00Z |
|
| 17 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39732 |
| published_at |
2026-05-05T12:55:00Z |
|
| 18 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39861 |
| published_at |
2026-04-29T12:55:00Z |
|
| 19 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39941 |
| published_at |
2026-04-26T12:55:00Z |
|
| 20 |
| value |
0.00185 |
| scoring_system |
epss |
| scoring_elements |
0.39956 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-25292 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-9hx2-hgq2-2g4f |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-9hx2-hgq2-2g4f |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-25292, CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vxh1-8rvt-kkak |
|
| 12 |
| url |
VCID-vyzt-df2u-h3cc |
| vulnerability_id |
VCID-vyzt-df2u-h3cc |
| summary |
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28678 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29005 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.28924 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.28904 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.2898 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.28964 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.28902 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.2905 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29119 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29231 |
| published_at |
2026-04-24T12:55:00Z |
|
| 9 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29345 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.2939 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29417 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29397 |
| published_at |
2026-04-13T12:55:00Z |
|
| 13 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29453 |
| published_at |
2026-04-01T12:55:00Z |
|
| 14 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29518 |
| published_at |
2026-04-02T12:55:00Z |
|
| 15 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29567 |
| published_at |
2026-04-04T12:55:00Z |
|
| 16 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29388 |
| published_at |
2026-04-07T12:55:00Z |
|
| 17 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29449 |
| published_at |
2026-04-12T12:55:00Z |
|
| 18 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29494 |
| published_at |
2026-04-11T12:55:00Z |
|
| 19 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29451 |
| published_at |
2026-04-08T12:55:00Z |
|
| 20 |
| value |
0.0011 |
| scoring_system |
epss |
| scoring_elements |
0.29492 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28678 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/advisories/GHSA-hjfx-8p6c-g7gx |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-hjfx-8p6c-g7gx |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-28678, CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vyzt-df2u-h3cc |
|
| 13 |
| url |
VCID-xesd-d294-7fcx |
| vulnerability_id |
VCID-xesd-d294-7fcx |
| summary |
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28676 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58733 |
| published_at |
2026-05-14T12:55:00Z |
|
| 1 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58662 |
| published_at |
2026-05-12T12:55:00Z |
|
| 2 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58634 |
| published_at |
2026-05-11T12:55:00Z |
|
| 3 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58678 |
| published_at |
2026-05-09T12:55:00Z |
|
| 4 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.5862 |
| published_at |
2026-05-07T12:55:00Z |
|
| 5 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58575 |
| published_at |
2026-05-05T12:55:00Z |
|
| 6 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58608 |
| published_at |
2026-04-29T12:55:00Z |
|
| 7 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58623 |
| published_at |
2026-04-26T12:55:00Z |
|
| 8 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58516 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58666 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58648 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58642 |
| published_at |
2026-04-08T12:55:00Z |
|
| 12 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.5859 |
| published_at |
2026-04-07T12:55:00Z |
|
| 13 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58621 |
| published_at |
2026-04-04T12:55:00Z |
|
| 14 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.586 |
| published_at |
2026-04-02T12:55:00Z |
|
| 15 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58665 |
| published_at |
2026-04-18T12:55:00Z |
|
| 16 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.5866 |
| published_at |
2026-04-16T12:55:00Z |
|
| 17 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58627 |
| published_at |
2026-04-13T12:55:00Z |
|
| 18 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58647 |
| published_at |
2026-04-12T12:55:00Z |
|
| 19 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59261 |
| published_at |
2026-04-21T12:55:00Z |
|
| 20 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59242 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28676 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/python-pillow/Pillow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/python-pillow/Pillow |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
BIT-pillow-2021-28676, CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xesd-d294-7fcx |
|