| Vulnerability ID | VCID-q3gu-jurr-hqdm |
| Aliases | GHSA-56pw-mpj4-fxww, GMS-2023-3137 |
| Summary | Duplicate Advisory: Bundled libwebp in Pillow vulnerable. Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-56pw-mpj4-fxww. This link is maintained to preserve external references. Original Description: Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | HIGH | https://github.com/advisories/GHSA-56pw-mpj4-fxww |
| generic_textual | HIGH | https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml |
| generic_textual | HIGH | https://github.com/python-pillow/Pillow |
| generic_textual | HIGH | https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15 |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2023-4863 |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2023-5129 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:40:22.468644+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-56pw-mpj4-fxww/GHSA-56pw-mpj4-fxww.json | 37.0.0 |