[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-11538":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":28,"downstream":29,"duplicates":48,"related":49,"reserved_at":9,"published_at":52,"modified_at":53,"state":54,"summary":55,"references_raw":64,"kevs":163,"epss":164,"epss_history":167,"metrics":431,"affected":447},"CVE-2020-11538","In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[25,26,27],"GHSA-43fq-w8qq-v88h","BIT-pillow-2020-11538","PYSEC-2020-80",[],[30,32,34,36,38,40,42,44,46],{"_key":31},"SUSE-RU-2020:2161-1",{"_key":33},"UBUNTU-CVE-2020-11538",{"_key":35},"RHSA-2020:3185",{"_key":37},"RHSA-2020:3299",{"_key":39},"RHSA-2020:3302",{"_key":41},"MGASA-2020-0434",{"_key":43},"USN-4430-2",{"_key":45},"USN-4430-1",{"_key":47},"DEBIAN-CVE-2020-11538",[],[50,51],{"_key":31},{"_key":41},"2020-06-25T18:32:06.000Z","2024-08-04T11:35:13.102Z","Modified",{"cisa_kev":56,"cisa_ransomware":56,"cisa_vendor":9,"epss_severity":57,"epss_score":58,"severity":59,"severity_score":60,"severity_version":61,"severity_source":62,"severity_vector":63,"severity_status":54},false,"low",0.00267,"high",8.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[65,74,80,85,89,95,99,105,109,114,118,122,126,131,135,139,143,147,151,155,159],{"url":66,"sources":67,"tags":70},"https://pillow.readthedocs.io/en/stable/releasenotes/index.html",[68,62,69],"cve.org","osv_pypi",[71,72,73],"X Refsource MISC","Release Notes","WEB",{"url":75,"sources":76,"tags":77},"https://github.com/python-pillow/Pillow/pull/4538",[68,62,69],[71,78,79,73],"Issue Tracking","Patch",{"url":81,"sources":82,"tags":83},"https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html",[68,62,69],[71,84,73],"Product",{"url":86,"sources":87,"tags":88},"https://github.com/python-pillow/Pillow/pull/4504",[68,62,69],[71,78,79,73],{"url":90,"sources":91,"tags":92},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/",[68,62],[93,94],"Vendor Advisory","X Refsource FEDORA",{"url":96,"sources":97,"tags":98},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/",[68,62],[93,94],{"url":100,"sources":101,"tags":102},"https://usn.ubuntu.com/4430-1/",[68,62,69],[93,103,104,73],"X Refsource UBUNTU","Third Party Advisory",{"url":106,"sources":107,"tags":108},"https://usn.ubuntu.com/4430-2/",[68,62,69],[93,103,104,73],{"url":110,"sources":111,"tags":112},"https://nvd.nist.gov/vuln/detail/CVE-2020-11538",[69],[113],"Advisory",{"url":115,"sources":116,"tags":117},"https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d",[69],[73],{"url":119,"sources":120,"tags":121},"https://github.com/advisories/GHSA-43fq-w8qq-v88h",[69],[113],{"url":123,"sources":124,"tags":125},"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-80.yaml",[69],[73],{"url":127,"sources":128,"tags":129},"https://github.com/python-pillow/Pillow",[69],[130],"PACKAGE",{"url":132,"sources":133,"tags":134},"https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security",[69],[73],{"url":136,"sources":137,"tags":138},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD",[69],[73],{"url":140,"sources":141,"tags":142},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427",[69],[73],{"url":144,"sources":145,"tags":146},"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574",[69],[73],{"url":148,"sources":149,"tags":150},"https://usn.ubuntu.com/4430-1",[69],[73],{"url":152,"sources":153,"tags":154},"https://usn.ubuntu.com/4430-2",[69],[73],{"url":156,"sources":157,"tags":158},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/",[69],[73],{"url":160,"sources":161,"tags":162},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/",[69],[73],[],{"date":165,"score":58,"percentile":166},"2026-06-04",0.50354,[168,172,175,178,181,184,187,190,193,196,199,202,204,207,210,214,217,220,223,226,229,232,234,237,240,243,246,249,252,255,258,261,264,267,269,271,273,276,279,282,285,288,291,294,297,300,303,306,309,312,314,317,320,323,327,330,333,336,339,342,345,348,351,354,357,359,362,365,368,371,374,377,380,383,386,389,391,394,397,400,403,406,409,412,415,417,419,422,425,428],{"date":169,"score":170,"percentile":171},"2025-11-04",0.0043,0.61791,{"date":173,"score":170,"percentile":174},"2025-11-05",0.61778,{"date":176,"score":170,"percentile":177},"2025-11-06",0.61787,{"date":179,"score":170,"percentile":180},"2025-11-07",0.61805,{"date":182,"score":170,"percentile":183},"2025-11-08",0.61809,{"date":185,"score":170,"percentile":186},"2025-11-09",0.61804,{"date":188,"score":170,"percentile":189},"2025-11-10",0.61785,{"date":191,"score":170,"percentile":192},"2025-11-11",0.61799,{"date":194,"score":170,"percentile":195},"2025-11-12",0.61825,{"date":197,"score":170,"percentile":198},"2025-11-13",0.61832,{"date":200,"score":170,"percentile":201},"2025-11-14",0.6184,{"date":203,"score":170,"percentile":198},"2025-11-15",{"date":205,"score":170,"percentile":206},"2025-11-16",0.61821,{"date":208,"score":170,"percentile":209},"2025-11-17",0.61824,{"date":211,"score":212,"percentile":213},"2025-11-18",0.00605,0.67139,{"date":215,"score":212,"percentile":216},"2025-11-19",0.67145,{"date":218,"score":212,"percentile":219},"2025-11-20",0.67138,{"date":221,"score":170,"percentile":222},"2025-11-21",0.61831,{"date":224,"score":170,"percentile":225},"2025-11-22",0.61837,{"date":227,"score":170,"percentile":228},"2025-11-23",0.61818,{"date":230,"score":170,"percentile":231},"2025-11-24",0.61811,{"date":233,"score":170,"percentile":228},"2025-11-25",{"date":235,"score":170,"percentile":236},"2025-11-26",0.61819,{"date":238,"score":170,"percentile":239},"2025-11-27",0.61826,{"date":241,"score":170,"percentile":242},"2025-11-28",0.61807,{"date":244,"score":170,"percentile":245},"2025-11-29",0.61782,{"date":247,"score":170,"percentile":248},"2025-11-30",0.61774,{"date":250,"score":170,"percentile":251},"2025-12-01",0.61923,{"date":253,"score":170,"percentile":254},"2025-12-02",0.6194,{"date":256,"score":170,"percentile":257},"2025-12-03",0.61941,{"date":259,"score":170,"percentile":260},"2025-12-04",0.61771,{"date":262,"score":170,"percentile":263},"2025-12-05",0.61783,{"date":265,"score":170,"percentile":266},"2025-12-06",0.61781,{"date":268,"score":170,"percentile":248},"2025-12-07",{"date":270,"score":170,"percentile":266},"2025-12-08",{"date":272,"score":170,"percentile":228},"2025-12-09",{"date":274,"score":170,"percentile":275},"2025-12-10",0.61863,{"date":277,"score":170,"percentile":278},"2025-12-11",0.61883,{"date":280,"score":170,"percentile":281},"2025-12-12",0.61907,{"date":283,"score":170,"percentile":284},"2025-12-13",0.61912,{"date":286,"score":170,"percentile":287},"2025-12-14",0.61913,{"date":289,"score":170,"percentile":290},"2025-12-15",0.61894,{"date":292,"score":170,"percentile":293},"2025-12-16",0.61911,{"date":295,"score":170,"percentile":296},"2025-12-17",0.61925,{"date":298,"score":170,"percentile":299},"2025-12-18",0.61961,{"date":301,"score":170,"percentile":302},"2025-12-19",0.61974,{"date":304,"score":170,"percentile":305},"2025-12-20",0.61975,{"date":307,"score":170,"percentile":308},"2025-12-21",0.61966,{"date":310,"score":170,"percentile":311},"2025-12-22",0.61957,{"date":313,"score":170,"percentile":302},"2025-12-23",{"date":315,"score":170,"percentile":316},"2025-12-24",0.61982,{"date":318,"score":170,"percentile":319},"2025-12-25",0.62013,{"date":321,"score":170,"percentile":322},"2025-12-26",0.62009,{"date":324,"score":325,"percentile":326},"2025-12-27",0.00532,0.667,{"date":328,"score":170,"percentile":329},"2025-12-28",0.61985,{"date":331,"score":170,"percentile":332},"2025-12-29",0.61983,{"date":334,"score":170,"percentile":335},"2025-12-30",0.62,{"date":337,"score":170,"percentile":338},"2025-12-31",0.62022,{"date":340,"score":170,"percentile":341},"2026-01-01",0.62204,{"date":343,"score":170,"percentile":344},"2026-01-02",0.6219,{"date":346,"score":170,"percentile":347},"2026-01-03",0.62187,{"date":349,"score":170,"percentile":350},"2026-01-04",0.61991,{"date":352,"score":170,"percentile":353},"2026-01-05",0.61981,{"date":355,"score":170,"percentile":356},"2026-01-06",0.6199,{"date":358,"score":170,"percentile":322},"2026-01-07",{"date":360,"score":170,"percentile":361},"2026-01-08",0.62032,{"date":363,"score":170,"percentile":364},"2026-01-09",0.62034,{"date":366,"score":170,"percentile":367},"2026-01-10",0.62027,{"date":369,"score":170,"percentile":370},"2026-01-11",0.62015,{"date":372,"score":170,"percentile":373},"2026-01-12",0.61992,{"date":375,"score":170,"percentile":376},"2026-01-13",0.6197,{"date":378,"score":170,"percentile":379},"2026-01-14",0.62012,{"date":381,"score":170,"percentile":382},"2026-01-15",0.62011,{"date":384,"score":170,"percentile":385},"2026-01-16",0.62029,{"date":387,"score":170,"percentile":388},"2026-01-17",0.62023,{"date":390,"score":170,"percentile":338},"2026-01-18",{"date":392,"score":170,"percentile":393},"2026-01-19",0.62004,{"date":395,"score":170,"percentile":396},"2026-01-20",0.62019,{"date":398,"score":170,"percentile":399},"2026-01-21",0.6202,{"date":401,"score":170,"percentile":402},"2026-01-22",0.62024,{"date":404,"score":170,"percentile":405},"2026-01-23",0.62059,{"date":407,"score":170,"percentile":408},"2026-01-24",0.62066,{"date":410,"score":170,"percentile":411},"2026-01-25",0.6203,{"date":413,"score":170,"percentile":414},"2026-01-26",0.62021,{"date":416,"score":170,"percentile":402},"2026-01-27",{"date":418,"score":170,"percentile":364},"2026-01-28",{"date":420,"score":170,"percentile":421},"2026-01-29",0.62035,{"date":423,"score":170,"percentile":424},"2026-01-30",0.62042,{"date":426,"score":170,"percentile":427},"2026-01-31",0.62047,{"date":429,"score":170,"percentile":430},"2026-02-01",0.62184,[432,442],{"source":62,"cvss_v2_0":433,"cvss_v3_0":9,"cvss_v3_1":438,"cvss_v4_0":9},{"baseScore":434,"baseSeverity":9,"vectorString":435,"impactScore":436,"exploitabilityScore":437},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":60,"baseSeverity":439,"vectorString":63,"impactScore":440,"exploitabilityScore":441},"HIGH",9.8,5.6,{"source":69,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":443,"cvss_v4_0":444},{"baseScore":60,"baseSeverity":9,"vectorString":63,"impactScore":440,"exploitabilityScore":441},{"baseScore":445,"baseSeverity":9,"vectorString":446,"impactScore":9,"exploitabilityScore":9},9.2,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[448,461,469,480],{"ecosystem":9,"name":449,"vendor":450,"product":451,"cpe_part":452,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":453},"ubuntu linux","canonical","ubuntu_linux","o",[454,457,459],{"version":455,"is_range":56,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04","cpe",{"version":458,"is_range":56,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":460,"is_range":56,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"20.04",{"ecosystem":9,"name":462,"vendor":463,"product":462,"cpe_part":452,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":464},"fedora","fedoraproject",[465,467],{"version":466,"is_range":56,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"version":468,"is_range":56,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"32",{"ecosystem":470,"name":471,"vendor":470,"product":471,"cpe_part":9,"purl_type":472,"purl_namespace":9,"purl_name":471,"source":9,"versions":473},"PyPI","pillow","pypi",[474],{"version":475,"is_range":476,"range_type":477,"version_start":9,"version_start_type":9,"version_end":478,"version_end_type":479,"fixed_in":9},"lt7_1_0",true,"ecosystem","7.1.0","excluding",{"ecosystem":9,"name":471,"vendor":481,"product":471,"cpe_part":482,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":483},"python","a",[484],{"version":485,"is_range":476,"range_type":456,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},"lte7.0.0","7.0.0","including"]