[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-19911":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":28,"downstream":29,"duplicates":52,"related":53,"reserved_at":9,"published_at":59,"modified_at":60,"state":61,"summary":62,"references_raw":71,"kevs":131,"epss":132,"epss_history":135,"metrics":396,"affected":411},"CVE-2019-19911","There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-190","Integer Overflow or Wraparound","The product performs a calculation that can\n         produce an integer overflow or wraparound when the logic\n         assumes that the resulting value will always be larger than\n         the original value. This occurs when an integer value is\n         incremented to a value that is too large to store in the\n         associated representation. When this occurs, the value may\n         become a very small or negative number.","weakness","Stable","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-92","Forced Integer Overflow",[],[],[26,27],"GHSA-5gm3-px64-rw72","PYSEC-2020-172",[],[30,32,34,36,38,40,42,44,46,48,50],{"_key":31},"ALPINE-CVE-2019-19911",{"_key":33},"SUSE-RU-2020:2072-1",{"_key":35},"SUSE-RU-2020:2161-1",{"_key":37},"SUSE-SU-2020:1901-1",{"_key":39},"SUSE-SU-2020:2057-1",{"_key":41},"UBUNTU-CVE-2019-19911",{"_key":43},"USN-4272-1",{"_key":45},"DLA-2057-1",{"_key":47},"DSA-4631-1",{"_key":49},"MGASA-2020-0088",{"_key":51},"DEBIAN-CVE-2019-19911",[],[54,55,56,57,58],{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":49},"2020-01-05T21:57:24.000Z","2024-08-05T02:32:10.085Z","Modified",{"cisa_kev":63,"cisa_ransomware":63,"cisa_vendor":9,"epss_severity":64,"epss_score":65,"severity":66,"severity_score":67,"severity_version":68,"severity_source":69,"severity_vector":70,"severity_status":61},false,"low",0.0096,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[72,82,88,93,99,103,107,111,115,119,123,127],{"url":73,"sources":74,"tags":77},"https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html",[75,69,76],"cve.org","osv_pypi",[78,79,80,81],"X Refsource CONFIRM","Release Notes","Third Party Advisory","WEB",{"url":83,"sources":84,"tags":85},"https://usn.ubuntu.com/4272-1/",[75,69,76],[86,87,80,81],"Vendor Advisory","X Refsource UBUNTU",{"url":89,"sources":90,"tags":91},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/",[75,69],[86,92],"X Refsource FEDORA",{"url":94,"sources":95,"tags":96},"https://www.debian.org/security/2020/dsa-4631",[75,69,76],[86,97,80,81,98],"X Refsource DEBIAN","Advisory",{"url":100,"sources":101,"tags":102},"https://nvd.nist.gov/vuln/detail/CVE-2019-19911",[76],[98],{"url":104,"sources":105,"tags":106},"https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d",[76],[81],{"url":108,"sources":109,"tags":110},"https://github.com/advisories/GHSA-5gm3-px64-rw72",[76],[98],{"url":112,"sources":113,"tags":114},"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-172.yaml",[76],[81],{"url":116,"sources":117,"tags":118},"https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02",[76],[81],{"url":120,"sources":121,"tags":122},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P",[76],[81],{"url":124,"sources":125,"tags":126},"https://usn.ubuntu.com/4272-1",[76],[81],{"url":128,"sources":129,"tags":130},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/",[76],[81],[],{"date":133,"score":65,"percentile":134},"2026-06-04",0.76825,[136,140,143,146,149,152,154,157,159,162,165,168,171,174,177,181,184,186,189,192,195,198,201,203,206,209,212,215,218,221,224,227,229,232,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,281,284,287,290,294,297,299,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,345,348,351,354,357,360,362,365,368,371,374,377,380,382,385,387,390,393],{"date":137,"score":138,"percentile":139},"2025-11-04",0.00965,0.75804,{"date":141,"score":138,"percentile":142},"2025-11-05",0.758,{"date":144,"score":138,"percentile":145},"2025-11-06",0.75797,{"date":147,"score":138,"percentile":148},"2025-11-07",0.75813,{"date":150,"score":138,"percentile":151},"2025-11-08",0.75815,{"date":153,"score":138,"percentile":148},"2025-11-09",{"date":155,"score":138,"percentile":156},"2025-11-10",0.75802,{"date":158,"score":138,"percentile":139},"2025-11-11",{"date":160,"score":138,"percentile":161},"2025-11-12",0.75824,{"date":163,"score":138,"percentile":164},"2025-11-13",0.7583,{"date":166,"score":138,"percentile":167},"2025-11-14",0.75836,{"date":169,"score":138,"percentile":170},"2025-11-15",0.75833,{"date":172,"score":138,"percentile":173},"2025-11-16",0.75834,{"date":175,"score":138,"percentile":176},"2025-11-17",0.75826,{"date":178,"score":179,"percentile":180},"2025-11-18",0.01166,0.76808,{"date":182,"score":179,"percentile":183},"2025-11-19",0.76815,{"date":185,"score":179,"percentile":134},"2025-11-20",{"date":187,"score":138,"percentile":188},"2025-11-21",0.75854,{"date":190,"score":138,"percentile":191},"2025-11-22",0.75855,{"date":193,"score":138,"percentile":194},"2025-11-23",0.75839,{"date":196,"score":138,"percentile":197},"2025-11-24",0.75841,{"date":199,"score":138,"percentile":200},"2025-11-25",0.75849,{"date":202,"score":138,"percentile":188},"2025-11-26",{"date":204,"score":138,"percentile":205},"2025-11-27",0.75857,{"date":207,"score":138,"percentile":208},"2025-11-28",0.75844,{"date":210,"score":138,"percentile":211},"2025-11-29",0.75848,{"date":213,"score":138,"percentile":214},"2025-11-30",0.75846,{"date":216,"score":138,"percentile":217},"2025-12-01",0.75974,{"date":219,"score":138,"percentile":220},"2025-12-02",0.75981,{"date":222,"score":138,"percentile":223},"2025-12-03",0.75971,{"date":225,"score":138,"percentile":226},"2025-12-04",0.7584,{"date":228,"score":138,"percentile":211},"2025-12-05",{"date":230,"score":138,"percentile":231},"2025-12-06",0.75852,{"date":233,"score":138,"percentile":211},"2025-12-07",{"date":235,"score":138,"percentile":236},"2025-12-08",0.75853,{"date":238,"score":138,"percentile":239},"2025-12-09",0.75879,{"date":241,"score":138,"percentile":242},"2025-12-10",0.75904,{"date":244,"score":138,"percentile":245},"2025-12-11",0.75923,{"date":247,"score":138,"percentile":248},"2025-12-12",0.75946,{"date":250,"score":138,"percentile":251},"2025-12-13",0.75949,{"date":253,"score":138,"percentile":254},"2025-12-14",0.75944,{"date":256,"score":138,"percentile":257},"2025-12-15",0.75942,{"date":259,"score":138,"percentile":260},"2025-12-16",0.75953,{"date":262,"score":138,"percentile":263},"2025-12-17",0.75965,{"date":265,"score":138,"percentile":266},"2025-12-18",0.75983,{"date":268,"score":138,"percentile":269},"2025-12-19",0.75998,{"date":271,"score":138,"percentile":272},"2025-12-20",0.75991,{"date":274,"score":138,"percentile":275},"2025-12-21",0.75986,{"date":277,"score":138,"percentile":278},"2025-12-22",0.75982,{"date":280,"score":138,"percentile":220},"2025-12-23",{"date":282,"score":138,"percentile":283},"2025-12-24",0.75988,{"date":285,"score":138,"percentile":286},"2025-12-25",0.76009,{"date":288,"score":138,"percentile":289},"2025-12-26",0.76007,{"date":291,"score":292,"percentile":293},"2025-12-27",0.00757,0.72725,{"date":295,"score":138,"percentile":296},"2025-12-28",0.7599,{"date":298,"score":138,"percentile":275},"2025-12-29",{"date":300,"score":138,"percentile":269},"2025-12-30",{"date":302,"score":138,"percentile":303},"2025-12-31",0.76018,{"date":305,"score":138,"percentile":306},"2026-01-01",0.76157,{"date":308,"score":138,"percentile":309},"2026-01-02",0.7616,{"date":311,"score":138,"percentile":312},"2026-01-03",0.76159,{"date":314,"score":138,"percentile":315},"2026-01-04",0.76026,{"date":317,"score":138,"percentile":318},"2026-01-05",0.76017,{"date":320,"score":138,"percentile":321},"2026-01-06",0.76028,{"date":323,"score":138,"percentile":324},"2026-01-07",0.76038,{"date":326,"score":138,"percentile":327},"2026-01-08",0.76049,{"date":329,"score":138,"percentile":330},"2026-01-09",0.76057,{"date":332,"score":138,"percentile":333},"2026-01-10",0.76058,{"date":335,"score":138,"percentile":336},"2026-01-11",0.76044,{"date":338,"score":138,"percentile":339},"2026-01-12",0.76031,{"date":341,"score":138,"percentile":342},"2026-01-13",0.7603,{"date":344,"score":138,"percentile":333},"2026-01-14",{"date":346,"score":138,"percentile":347},"2026-01-15",0.76064,{"date":349,"score":138,"percentile":350},"2026-01-16",0.76076,{"date":352,"score":138,"percentile":353},"2026-01-17",0.76075,{"date":355,"score":138,"percentile":356},"2026-01-18",0.76067,{"date":358,"score":138,"percentile":359},"2026-01-19",0.76062,{"date":361,"score":138,"percentile":359},"2026-01-20",{"date":363,"score":138,"percentile":364},"2026-01-21",0.76068,{"date":366,"score":138,"percentile":367},"2026-01-22",0.76074,{"date":369,"score":138,"percentile":370},"2026-01-23",0.76102,{"date":372,"score":138,"percentile":373},"2026-01-24",0.76111,{"date":375,"score":138,"percentile":376},"2026-01-25",0.76098,{"date":378,"score":138,"percentile":379},"2026-01-26",0.76096,{"date":381,"score":138,"percentile":379},"2026-01-27",{"date":383,"score":138,"percentile":384},"2026-01-28",0.76105,{"date":386,"score":138,"percentile":370},"2026-01-29",{"date":388,"score":138,"percentile":389},"2026-01-30",0.76108,{"date":391,"score":138,"percentile":392},"2026-01-31",0.76106,{"date":394,"score":138,"percentile":395},"2026-02-01",0.7623,[397,406],{"source":69,"cvss_v2_0":398,"cvss_v3_0":9,"cvss_v3_1":403,"cvss_v4_0":9},{"baseScore":399,"baseSeverity":9,"vectorString":400,"impactScore":401,"exploitabilityScore":402},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":67,"baseSeverity":404,"vectorString":70,"impactScore":405,"exploitabilityScore":402},"HIGH",6,{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":407,"cvss_v4_0":408},{"baseScore":67,"baseSeverity":9,"vectorString":70,"impactScore":405,"exploitabilityScore":402},{"baseScore":409,"baseSeverity":9,"vectorString":410,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[412,427,436,442,453],{"ecosystem":9,"name":413,"vendor":414,"product":415,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":417},"ubuntu linux","canonical","ubuntu_linux","o",[418,421,423,425],{"version":419,"is_range":63,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04","cpe",{"version":422,"is_range":63,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":424,"is_range":63,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":426,"is_range":63,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.10",{"ecosystem":9,"name":428,"vendor":429,"product":430,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":431},"debian linux","debian","debian_linux",[432,434],{"version":433,"is_range":63,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"version":435,"is_range":63,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":437,"vendor":438,"product":437,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":439},"fedora","fedoraproject",[440],{"version":441,"is_range":63,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":443,"name":444,"vendor":443,"product":444,"cpe_part":9,"purl_type":445,"purl_namespace":9,"purl_name":444,"source":9,"versions":446},"PyPI","pillow","pypi",[447],{"version":448,"is_range":449,"range_type":450,"version_start":9,"version_start_type":9,"version_end":451,"version_end_type":452,"fixed_in":9},"lt6_2_2",true,"ecosystem","6.2.2","excluding",{"ecosystem":9,"name":444,"vendor":454,"product":444,"cpe_part":455,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":456},"python","a",[457],{"version":458,"is_range":449,"range_type":420,"version_start":9,"version_start_type":9,"version_end":451,"version_end_type":452,"fixed_in":9},"lt6.2.2"]