[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-5312":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":72,"aliases":73,"duplicate_of":9,"upstream":77,"downstream":78,"duplicates":109,"related":110,"reserved_at":9,"published_at":116,"modified_at":117,"state":118,"summary":119,"references_raw":128,"kevs":232,"epss":233,"epss_history":236,"metrics":493,"affected":507},"CVE-2020-5312","libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-120","Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.","weakness","Incomplete","Base","High",[20,24,28,32,36,40,44,48,52,56,60,64,68],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":33,"name":34,"techniques":35},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-42","MIME Conversion",[],{"id":41,"name":42,"techniques":43},"CAPEC-44","Overflow Binary Resource File",[],{"id":45,"name":46,"techniques":47},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":49,"name":50,"techniques":51},"CAPEC-46","Overflow Variables and Tags",[],{"id":53,"name":54,"techniques":55},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":57,"name":58,"techniques":59},"CAPEC-67","String Format Overflow in syslog()",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],{"id":69,"name":70,"techniques":71},"CAPEC-92","Forced Integer Overflow",[],[],[74,75,76],"GHSA-p49h-hjvm-jg3h","BIT-pillow-2020-5312","PYSEC-2020-83",[],[79,81,83,85,87,89,91,93,95,97,99,101,103,105,107],{"_key":80},"ALPINE-CVE-2020-5312",{"_key":82},"SUSE-RU-2020:2072-1",{"_key":84},"SUSE-RU-2020:2161-1",{"_key":86},"SUSE-SU-2020:1901-1",{"_key":88},"SUSE-SU-2020:2057-1",{"_key":90},"UBUNTU-CVE-2020-5312",{"_key":92},"USN-4272-1",{"_key":94},"DLA-2057-1",{"_key":96},"DSA-4631-1",{"_key":98},"RHSA-2020:0566",{"_key":100},"RHSA-2020:0578",{"_key":102},"RHSA-2020:0580",{"_key":104},"RHSA-2020:0898",{"_key":106},"MGASA-2020-0088",{"_key":108},"DEBIAN-CVE-2020-5312",[],[111,112,113,114,115],{"_key":82},{"_key":84},{"_key":86},{"_key":88},{"_key":106},"2020-01-03T00:52:34.000Z","2024-08-04T08:22:09.259Z","Modified",{"cisa_kev":120,"cisa_ransomware":120,"cisa_vendor":9,"epss_severity":121,"epss_score":122,"severity":123,"severity_score":124,"severity_version":125,"severity_source":126,"severity_vector":127,"severity_status":118},false,"low",0.01753,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[129,139,145,151,156,162,166,171,175,179,183,187,191,195,199,203,207,212,216,220,224,228],{"url":130,"sources":131,"tags":134},"https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html",[132,126,133],"cve.org","osv_pypi",[135,136,137,138],"X Refsource MISC","Release Notes","Third Party Advisory","WEB",{"url":140,"sources":141,"tags":142},"https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd",[132,126,133],[135,143,137,138,144],"Patch","FIX",{"url":146,"sources":147,"tags":148},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/",[132,126],[149,150],"Vendor Advisory","X Refsource FEDORA",{"url":152,"sources":153,"tags":154},"https://usn.ubuntu.com/4272-1/",[132,126,133],[149,155,137,138],"X Refsource UBUNTU",{"url":157,"sources":158,"tags":159},"https://access.redhat.com/errata/RHSA-2020:0566",[132,126,133],[149,160,137,138,161],"X Refsource REDHAT","Advisory",{"url":163,"sources":164,"tags":165},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/",[132,126],[149,150],{"url":167,"sources":168,"tags":169},"https://www.debian.org/security/2020/dsa-4631",[132,126,133],[149,170,137,138,161],"X Refsource DEBIAN",{"url":172,"sources":173,"tags":174},"https://access.redhat.com/errata/RHSA-2020:0580",[132,126,133],[149,160,137,138,161],{"url":176,"sources":177,"tags":178},"https://access.redhat.com/errata/RHSA-2020:0578",[132,126,133],[149,160,137,138,161],{"url":180,"sources":181,"tags":182},"https://access.redhat.com/errata/RHSA-2020:0681",[132,126,133],[149,160,137,138,161],{"url":184,"sources":185,"tags":186},"https://access.redhat.com/errata/RHSA-2020:0683",[132,126,133],[149,160,137,138,161],{"url":188,"sources":189,"tags":190},"https://access.redhat.com/errata/RHSA-2020:0694",[132,126,133],[149,160,137,138,161],{"url":192,"sources":193,"tags":194},"https://nvd.nist.gov/vuln/detail/CVE-2020-5312",[133],[161],{"url":196,"sources":197,"tags":198},"https://usn.ubuntu.com/4272-1",[133],[138],{"url":200,"sources":201,"tags":202},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P",[133],[138],{"url":204,"sources":205,"tags":206},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A",[133],[138],{"url":208,"sources":209,"tags":210},"https://github.com/python-pillow/Pillow",[133],[211],"PACKAGE",{"url":213,"sources":214,"tags":215},"https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml",[133],[138],{"url":217,"sources":218,"tags":219},"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml",[133],[138],{"url":221,"sources":222,"tags":223},"https://github.com/advisories/GHSA-p49h-hjvm-jg3h",[133],[161],{"url":225,"sources":226,"tags":227},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/",[133],[138],{"url":229,"sources":230,"tags":231},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/",[133],[138],[],{"date":234,"score":122,"percentile":235},"2026-06-04",0.82918,[237,241,243,246,249,252,255,258,261,264,267,270,272,275,278,282,285,288,291,294,297,300,303,305,308,311,314,317,320,323,326,328,331,334,337,339,342,345,348,351,353,356,359,362,365,368,371,374,377,380,383,386,389,391,395,397,399,402,405,408,411,414,417,419,421,424,427,429,431,434,436,438,441,444,447,450,453,455,458,461,464,467,470,473,476,479,481,484,487,490],{"date":238,"score":239,"percentile":240},"2025-11-04",0.0173,0.8182,{"date":242,"score":239,"percentile":240},"2025-11-05",{"date":244,"score":239,"percentile":245},"2025-11-06",0.81823,{"date":247,"score":239,"percentile":248},"2025-11-07",0.81833,{"date":250,"score":239,"percentile":251},"2025-11-08",0.81841,{"date":253,"score":239,"percentile":254},"2025-11-09",0.81838,{"date":256,"score":239,"percentile":257},"2025-11-10",0.81831,{"date":259,"score":239,"percentile":260},"2025-11-11",0.81839,{"date":262,"score":239,"percentile":263},"2025-11-12",0.81849,{"date":265,"score":239,"percentile":266},"2025-11-13",0.81856,{"date":268,"score":239,"percentile":269},"2025-11-14",0.81861,{"date":271,"score":239,"percentile":266},"2025-11-15",{"date":273,"score":239,"percentile":274},"2025-11-16",0.81858,{"date":276,"score":239,"percentile":277},"2025-11-17",0.81855,{"date":279,"score":280,"percentile":281},"2025-11-18",0.07613,0.9095,{"date":283,"score":280,"percentile":284},"2025-11-19",0.90953,{"date":286,"score":280,"percentile":287},"2025-11-20",0.90959,{"date":289,"score":239,"percentile":290},"2025-11-21",0.81871,{"date":292,"score":239,"percentile":293},"2025-11-22",0.81874,{"date":295,"score":239,"percentile":296},"2025-11-23",0.81869,{"date":298,"score":239,"percentile":299},"2025-11-24",0.81867,{"date":301,"score":239,"percentile":302},"2025-11-25",0.81868,{"date":304,"score":239,"percentile":296},"2025-11-26",{"date":306,"score":239,"percentile":307},"2025-11-27",0.81875,{"date":309,"score":239,"percentile":310},"2025-11-28",0.81866,{"date":312,"score":239,"percentile":313},"2025-11-29",0.81872,{"date":315,"score":239,"percentile":316},"2025-11-30",0.81877,{"date":318,"score":239,"percentile":319},"2025-12-01",0.81948,{"date":321,"score":239,"percentile":322},"2025-12-02",0.81951,{"date":324,"score":239,"percentile":325},"2025-12-03",0.8195,{"date":327,"score":239,"percentile":307},"2025-12-04",{"date":329,"score":239,"percentile":330},"2025-12-05",0.81882,{"date":332,"score":239,"percentile":333},"2025-12-06",0.81881,{"date":335,"score":239,"percentile":336},"2025-12-07",0.81879,{"date":338,"score":239,"percentile":330},"2025-12-08",{"date":340,"score":239,"percentile":341},"2025-12-09",0.81899,{"date":343,"score":239,"percentile":344},"2025-12-10",0.81926,{"date":346,"score":239,"percentile":347},"2025-12-11",0.81944,{"date":349,"score":239,"percentile":350},"2025-12-12",0.81955,{"date":352,"score":239,"percentile":350},"2025-12-13",{"date":354,"score":239,"percentile":355},"2025-12-14",0.81953,{"date":357,"score":239,"percentile":358},"2025-12-15",0.81949,{"date":360,"score":239,"percentile":361},"2025-12-16",0.81959,{"date":363,"score":239,"percentile":364},"2025-12-17",0.81966,{"date":366,"score":239,"percentile":367},"2025-12-18",0.81978,{"date":369,"score":239,"percentile":370},"2025-12-19",0.81983,{"date":372,"score":239,"percentile":373},"2025-12-20",0.81975,{"date":375,"score":239,"percentile":376},"2025-12-21",0.81973,{"date":378,"score":239,"percentile":379},"2025-12-22",0.8197,{"date":381,"score":239,"percentile":382},"2025-12-23",0.81974,{"date":384,"score":239,"percentile":385},"2025-12-24",0.81982,{"date":387,"score":239,"percentile":388},"2025-12-25",0.81998,{"date":390,"score":239,"percentile":388},"2025-12-26",{"date":392,"score":393,"percentile":394},"2025-12-27",0.0229,0.84335,{"date":396,"score":239,"percentile":370},"2025-12-28",{"date":398,"score":239,"percentile":367},"2025-12-29",{"date":400,"score":239,"percentile":401},"2025-12-30",0.81986,{"date":403,"score":239,"percentile":404},"2025-12-31",0.82,{"date":406,"score":239,"percentile":407},"2026-01-01",0.82066,{"date":409,"score":239,"percentile":410},"2026-01-02",0.82062,{"date":412,"score":239,"percentile":413},"2026-01-03",0.82057,{"date":415,"score":239,"percentile":416},"2026-01-04",0.81977,{"date":418,"score":239,"percentile":376},"2026-01-05",{"date":420,"score":239,"percentile":367},"2026-01-06",{"date":422,"score":239,"percentile":423},"2026-01-07",0.8198,{"date":425,"score":239,"percentile":426},"2026-01-08",0.81988,{"date":428,"score":239,"percentile":426},"2026-01-09",{"date":430,"score":239,"percentile":426},"2026-01-10",{"date":432,"score":239,"percentile":433},"2026-01-11",0.81984,{"date":435,"score":239,"percentile":416},"2026-01-12",{"date":437,"score":239,"percentile":373},"2026-01-13",{"date":439,"score":239,"percentile":440},"2026-01-14",0.81997,{"date":442,"score":239,"percentile":443},"2026-01-15",0.81995,{"date":445,"score":239,"percentile":446},"2026-01-16",0.82005,{"date":448,"score":239,"percentile":449},"2026-01-17",0.82006,{"date":451,"score":239,"percentile":452},"2026-01-18",0.82003,{"date":454,"score":239,"percentile":388},"2026-01-19",{"date":456,"score":239,"percentile":457},"2026-01-20",0.82002,{"date":459,"score":239,"percentile":460},"2026-01-21",0.82009,{"date":462,"score":239,"percentile":463},"2026-01-22",0.82016,{"date":465,"score":239,"percentile":466},"2026-01-23",0.82041,{"date":468,"score":239,"percentile":469},"2026-01-24",0.82047,{"date":471,"score":239,"percentile":472},"2026-01-25",0.82038,{"date":474,"score":239,"percentile":475},"2026-01-26",0.82036,{"date":477,"score":239,"percentile":478},"2026-01-27",0.82034,{"date":480,"score":239,"percentile":478},"2026-01-28",{"date":482,"score":239,"percentile":483},"2026-01-29",0.82035,{"date":485,"score":239,"percentile":486},"2026-01-30",0.82037,{"date":488,"score":239,"percentile":489},"2026-01-31",0.82042,{"date":491,"score":239,"percentile":492},"2026-02-01",0.82117,[494,502],{"source":126,"cvss_v2_0":495,"cvss_v3_0":9,"cvss_v3_1":500,"cvss_v4_0":9},{"baseScore":496,"baseSeverity":9,"vectorString":497,"impactScore":498,"exploitabilityScore":499},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":124,"baseSeverity":501,"vectorString":127,"impactScore":124,"exploitabilityScore":499},"CRITICAL",{"source":133,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":503,"cvss_v4_0":504},{"baseScore":124,"baseSeverity":9,"vectorString":127,"impactScore":124,"exploitabilityScore":499},{"baseScore":505,"baseSeverity":9,"vectorString":506,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[508,523,532,540,554],{"ecosystem":9,"name":509,"vendor":510,"product":511,"cpe_part":512,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":513},"ubuntu linux","canonical","ubuntu_linux","o",[514,517,519,521],{"version":515,"is_range":120,"range_type":516,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04","cpe",{"version":518,"is_range":120,"range_type":516,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":520,"is_range":120,"range_type":516,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":522,"is_range":120,"range_type":516,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.10",{"ecosystem":9,"name":524,"vendor":525,"product":526,"cpe_part":512,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":527},"debian linux","debian","debian_linux",[528,530],{"version":529,"is_range":120,"range_type":516,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"version":531,"is_range":120,"range_type":516,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":533,"vendor":534,"product":533,"cpe_part":512,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":535},"fedora","fedoraproject",[536,538],{"version":537,"is_range":120,"range_type":516,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"version":539,"is_range":120,"range_type":516,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"ecosystem":541,"name":542,"vendor":541,"product":542,"cpe_part":9,"purl_type":543,"purl_namespace":9,"purl_name":542,"source":9,"versions":544},"PyPI","pillow","pypi",[545,551],{"version":546,"is_range":547,"range_type":548,"version_start":9,"version_start_type":9,"version_end":549,"version_end_type":550,"fixed_in":9},"lt93b22b846e0269ee9594ff71a72bec02d2bea8fd",true,"ecosystem","93b22b846e0269ee9594ff71a72bec02d2bea8fd","excluding",{"version":552,"is_range":547,"range_type":548,"version_start":9,"version_start_type":9,"version_end":553,"version_end_type":550,"fixed_in":9},"lt6_2_2","6.2.2",{"ecosystem":9,"name":542,"vendor":555,"product":542,"cpe_part":556,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":557},"python","a",[558],{"version":559,"is_range":547,"range_type":516,"version_start":9,"version_start_type":9,"version_end":553,"version_end_type":550,"fixed_in":9},"lt6.2.2"]