[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-22816":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":28,"downstream":29,"duplicates":62,"related":63,"reserved_at":9,"published_at":68,"modified_at":69,"state":70,"summary":71,"references_raw":80,"kevs":134,"epss":135,"epss_history":138,"metrics":399,"affected":414},"CVE-2022-22816","path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[25,26,27],"GHSA-xrcv-f9gm-v42c","BIT-pillow-2022-22816","PYSEC-2022-9",[],[30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60],{"_key":31},"ALPINE-CVE-2022-22816",{"_key":33},"RHSA-2022:0609",{"_key":35},"RHSA-2022:0665",{"_key":37},"RHSA-2022:0667",{"_key":39},"RHSA-2022:0669",{"_key":41},"SUSE-SU-2022:1729-1",{"_key":43},"SUSE-SU-2024:1673-2",{"_key":45},"UBUNTU-CVE-2022-22816",{"_key":47},"SUSE-SU-2024:1673-1",{"_key":49},"DLA-2893-1",{"_key":51},"DSA-5053-1",{"_key":53},"RHSA-2022:0643",{"_key":55},"MGASA-2022-0166",{"_key":57},"USN-5227-1",{"_key":59},"DEBIAN-CVE-2022-22816",{"_key":61},"USN-5227-2",[],[64,65,66,67],{"_key":41},{"_key":43},{"_key":47},{"_key":55},"2022-01-07T00:00:00.000Z","2024-08-03T03:21:49.162Z","Modified",{"cisa_kev":72,"cisa_ransomware":72,"cisa_vendor":9,"epss_severity":73,"epss_score":74,"severity":75,"severity_score":76,"severity_version":77,"severity_source":78,"severity_vector":79,"severity_status":70},false,"low",0.00137,"medium",6.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",[81,90,95,100,104,108,113,117,121,125,129],{"url":82,"sources":83,"tags":86},"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling",[84,78,85],"cve.org","osv_pypi",[87,88,89],"Release Notes","Vendor Advisory","WEB",{"url":91,"sources":92,"tags":93},"https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331",[84,78,85],[94,89],"Third Party Advisory",{"url":96,"sources":97,"tags":98},"https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html",[84,78,85],[99,94,89],"Mailing List",{"url":101,"sources":102,"tags":103},"https://www.debian.org/security/2022/dsa-5053",[84,78,85],[88,94,89],{"url":105,"sources":106,"tags":107},"https://security.gentoo.org/glsa/202211-10",[84,78,85],[88,94,89],{"url":109,"sources":110,"tags":111},"https://nvd.nist.gov/vuln/detail/CVE-2022-22816",[85],[112],"Advisory",{"url":114,"sources":115,"tags":116},"https://github.com/python-pillow/Pillow/pull/5920",[85],[89],{"url":118,"sources":119,"tags":120},"https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f",[85],[89],{"url":122,"sources":123,"tags":124},"https://github.com/advisories/GHSA-xrcv-f9gm-v42c",[85],[112],{"url":126,"sources":127,"tags":128},"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml",[85],[89],{"url":130,"sources":131,"tags":132},"https://github.com/python-pillow/Pillow",[85],[133],"PACKAGE",[],{"date":136,"score":74,"percentile":137},"2026-06-04",0.33338,[139,143,146,149,152,155,158,161,164,167,170,173,176,178,181,185,188,191,193,196,198,201,204,207,210,213,216,219,222,225,228,231,233,235,238,241,244,247,250,253,256,259,262,264,267,270,273,276,279,281,284,286,289,291,294,297,300,303,306,309,312,315,318,321,324,326,329,332,334,337,340,343,346,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,393,396],{"date":140,"score":141,"percentile":142},"2025-11-04",0.00138,0.34351,{"date":144,"score":141,"percentile":145},"2025-11-05",0.34338,{"date":147,"score":141,"percentile":148},"2025-11-06",0.34339,{"date":150,"score":141,"percentile":151},"2025-11-07",0.34357,{"date":153,"score":141,"percentile":154},"2025-11-08",0.3435,{"date":156,"score":141,"percentile":157},"2025-11-09",0.34332,{"date":159,"score":141,"percentile":160},"2025-11-10",0.34282,{"date":162,"score":141,"percentile":163},"2025-11-11",0.34309,{"date":165,"score":141,"percentile":166},"2025-11-12",0.34355,{"date":168,"score":141,"percentile":169},"2025-11-13",0.34372,{"date":171,"score":141,"percentile":172},"2025-11-14",0.34377,{"date":174,"score":141,"percentile":175},"2025-11-15",0.34376,{"date":177,"score":141,"percentile":154},"2025-11-16",{"date":179,"score":141,"percentile":180},"2025-11-17",0.34325,{"date":182,"score":183,"percentile":184},"2025-11-18",0.00945,0.74326,{"date":186,"score":183,"percentile":187},"2025-11-19",0.74334,{"date":189,"score":183,"percentile":190},"2025-11-20",0.74343,{"date":192,"score":141,"percentile":151},"2025-11-21",{"date":194,"score":141,"percentile":195},"2025-11-22",0.34359,{"date":197,"score":141,"percentile":180},"2025-11-23",{"date":199,"score":141,"percentile":200},"2025-11-24",0.343,{"date":202,"score":141,"percentile":203},"2025-11-25",0.34296,{"date":205,"score":141,"percentile":206},"2025-11-26",0.34294,{"date":208,"score":141,"percentile":209},"2025-11-27",0.34304,{"date":211,"score":141,"percentile":212},"2025-11-28",0.34285,{"date":214,"score":141,"percentile":215},"2025-11-29",0.34268,{"date":217,"score":141,"percentile":218},"2025-11-30",0.34247,{"date":220,"score":141,"percentile":221},"2025-12-01",0.34349,{"date":223,"score":141,"percentile":224},"2025-12-02",0.34363,{"date":226,"score":141,"percentile":227},"2025-12-03",0.34361,{"date":229,"score":141,"percentile":230},"2025-12-04",0.34253,{"date":232,"score":141,"percentile":212},"2025-12-05",{"date":234,"score":141,"percentile":212},"2025-12-06",{"date":236,"score":141,"percentile":237},"2025-12-07",0.34262,{"date":239,"score":141,"percentile":240},"2025-12-08",0.34273,{"date":242,"score":141,"percentile":243},"2025-12-09",0.34315,{"date":245,"score":141,"percentile":246},"2025-12-10",0.34366,{"date":248,"score":141,"percentile":249},"2025-12-11",0.34388,{"date":251,"score":141,"percentile":252},"2025-12-12",0.34415,{"date":254,"score":141,"percentile":255},"2025-12-13",0.34397,{"date":257,"score":141,"percentile":258},"2025-12-14",0.3437,{"date":260,"score":141,"percentile":261},"2025-12-15",0.34329,{"date":263,"score":141,"percentile":166},"2025-12-16",{"date":265,"score":141,"percentile":266},"2025-12-17",0.34406,{"date":268,"score":141,"percentile":269},"2025-12-18",0.34454,{"date":271,"score":141,"percentile":272},"2025-12-19",0.34476,{"date":274,"score":141,"percentile":275},"2025-12-20",0.3446,{"date":277,"score":141,"percentile":278},"2025-12-21",0.34405,{"date":280,"score":141,"percentile":175},"2025-12-22",{"date":282,"score":141,"percentile":283},"2025-12-23",0.34369,{"date":285,"score":141,"percentile":224},"2025-12-24",{"date":287,"score":141,"percentile":288},"2025-12-25",0.34427,{"date":290,"score":141,"percentile":266},"2025-12-26",{"date":292,"score":141,"percentile":293},"2025-12-27",0.34422,{"date":295,"score":141,"percentile":296},"2025-12-28",0.34318,{"date":298,"score":141,"percentile":299},"2025-12-29",0.34286,{"date":301,"score":141,"percentile":302},"2025-12-30",0.34275,{"date":304,"score":141,"percentile":305},"2025-12-31",0.34326,{"date":307,"score":141,"percentile":308},"2026-01-01",0.34479,{"date":310,"score":141,"percentile":311},"2026-01-02",0.34472,{"date":313,"score":141,"percentile":314},"2026-01-03",0.34458,{"date":316,"score":141,"percentile":317},"2026-01-04",0.34311,{"date":319,"score":141,"percentile":320},"2026-01-05",0.34292,{"date":322,"score":141,"percentile":323},"2026-01-06",0.34303,{"date":325,"score":141,"percentile":296},"2026-01-07",{"date":327,"score":141,"percentile":328},"2026-01-08",0.34345,{"date":330,"score":141,"percentile":331},"2026-01-09",0.34342,{"date":333,"score":141,"percentile":328},"2026-01-10",{"date":335,"score":141,"percentile":336},"2026-01-11",0.34324,{"date":338,"score":141,"percentile":339},"2026-01-12",0.34258,{"date":341,"score":141,"percentile":342},"2026-01-13",0.34246,{"date":344,"score":141,"percentile":345},"2026-01-14",0.34284,{"date":347,"score":141,"percentile":302},"2026-01-15",{"date":349,"score":141,"percentile":350},"2026-01-16",0.34297,{"date":352,"score":141,"percentile":353},"2026-01-17",0.34281,{"date":355,"score":141,"percentile":356},"2026-01-18",0.34225,{"date":358,"score":141,"percentile":359},"2026-01-19",0.34189,{"date":361,"score":141,"percentile":362},"2026-01-20",0.34171,{"date":364,"score":141,"percentile":365},"2026-01-21",0.34138,{"date":367,"score":141,"percentile":368},"2026-01-22",0.34115,{"date":370,"score":141,"percentile":371},"2026-01-23",0.34175,{"date":373,"score":141,"percentile":374},"2026-01-24",0.34184,{"date":376,"score":141,"percentile":377},"2026-01-25",0.34126,{"date":379,"score":141,"percentile":380},"2026-01-26",0.34036,{"date":382,"score":141,"percentile":383},"2026-01-27",0.34029,{"date":385,"score":141,"percentile":386},"2026-01-28",0.34006,{"date":388,"score":141,"percentile":389},"2026-01-29",0.33967,{"date":391,"score":141,"percentile":392},"2026-01-30",0.33953,{"date":394,"score":141,"percentile":395},"2026-01-31",0.33962,{"date":397,"score":141,"percentile":398},"2026-02-01",0.3406,[400,409],{"source":78,"cvss_v2_0":401,"cvss_v3_0":9,"cvss_v3_1":406,"cvss_v4_0":9},{"baseScore":402,"baseSeverity":9,"vectorString":403,"impactScore":404,"exploitabilityScore":405},6.4,"AV:N/AC:L/Au:N/C:N/I:P/A:P",4.9,10,{"baseScore":76,"baseSeverity":407,"vectorString":79,"impactScore":408,"exploitabilityScore":405},"MEDIUM",4.2,{"source":85,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":410,"cvss_v4_0":411},{"baseScore":76,"baseSeverity":9,"vectorString":79,"impactScore":408,"exploitabilityScore":405},{"baseScore":412,"baseSeverity":9,"vectorString":413,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",[415,428,439],{"ecosystem":9,"name":416,"vendor":417,"product":418,"cpe_part":419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":420},"debian linux","debian","debian_linux","o",[421,424,426],{"version":422,"is_range":72,"range_type":423,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":425,"is_range":72,"range_type":423,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"version":427,"is_range":72,"range_type":423,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":429,"name":430,"vendor":429,"product":430,"cpe_part":9,"purl_type":431,"purl_namespace":9,"purl_name":430,"source":9,"versions":432},"PyPI","pillow","pypi",[433],{"version":434,"is_range":435,"range_type":436,"version_start":9,"version_start_type":9,"version_end":437,"version_end_type":438,"fixed_in":9},"lt9_0_0",true,"ecosystem","9.0.0","excluding",{"ecosystem":9,"name":430,"vendor":440,"product":430,"cpe_part":441,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":442},"python","a",[443],{"version":444,"is_range":435,"range_type":423,"version_start":9,"version_start_type":9,"version_end":437,"version_end_type":438,"fixed_in":9},"lt9.0.0"]