[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-30595":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":30,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":46,"related":47,"reserved_at":9,"published_at":51,"modified_at":52,"state":53,"summary":54,"references_raw":62,"kevs":95,"epss":96,"epss_history":99,"metrics":360,"affected":371},"CVE-2022-30595","libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[21],{"_key":22,"name":23,"source":24,"url":25,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":29,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PYTHON-PILLOW_PILLOW","Pillow","github","https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c","poc",0.3,false,[],[31,32,33],"GHSA-hr8g-f6r6-mr22","BIT-pillow-2022-30595","PYSEC-2022-43145",[],[36,38,40,42,44],{"_key":37},"UBUNTU-CVE-2022-30595",{"_key":39},"OPENSUSE-SU-2024:12111-1",{"_key":41},"OPENSUSE-SU-2025:14645-1",{"_key":43},"MGASA-2023-0164",{"_key":45},"DEBIAN-CVE-2022-30595",[],[48,49,50],{"_key":39},{"_key":41},{"_key":43},"2022-05-25T11:46:45.000Z","2024-08-03T06:56:12.974Z","Modified",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":55,"epss_score":56,"severity":57,"severity_score":58,"severity_version":59,"severity_source":60,"severity_vector":61,"severity_status":53},"low",0.00604,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[63,72,77,82,86,90],{"url":25,"sources":64,"tags":67},[65,60,66],"cve.org","osv_pypi",[68,69,70,71],"X Refsource MISC","Exploit","Third Party Advisory","WEB",{"url":73,"sources":74,"tags":75},"https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html",[65,60,66],[68,76,70,71],"Release Notes",{"url":78,"sources":79,"tags":80},"https://nvd.nist.gov/vuln/detail/CVE-2022-30595",[66],[81],"Advisory",{"url":83,"sources":84,"tags":85},"https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280",[66],[71],{"url":87,"sources":88,"tags":89},"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-43145.yaml",[66],[71],{"url":91,"sources":92,"tags":93},"https://github.com/python-pillow/Pillow",[66],[94],"PACKAGE",[],{"date":97,"score":56,"percentile":98},"2026-06-04",0.69974,[100,104,107,110,113,116,119,121,124,127,130,133,136,138,140,144,147,150,154,158,161,163,166,169,172,175,177,179,182,185,188,191,194,196,199,201,204,207,210,213,216,219,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,267,270,273,276,278,281,283,286,289,292,295,298,301,304,306,309,312,315,318,321,324,326,329,332,335,338,341,343,346,349,351,354,357],{"date":101,"score":102,"percentile":103},"2025-11-04",0.03569,0.87219,{"date":105,"score":102,"percentile":106},"2025-11-05",0.87221,{"date":108,"score":102,"percentile":109},"2025-11-06",0.87218,{"date":111,"score":102,"percentile":112},"2025-11-07",0.87226,{"date":114,"score":102,"percentile":115},"2025-11-08",0.87229,{"date":117,"score":102,"percentile":118},"2025-11-09",0.87223,{"date":120,"score":102,"percentile":106},"2025-11-10",{"date":122,"score":102,"percentile":123},"2025-11-11",0.87227,{"date":125,"score":102,"percentile":126},"2025-11-12",0.87233,{"date":128,"score":102,"percentile":129},"2025-11-13",0.87238,{"date":131,"score":102,"percentile":132},"2025-11-14",0.8724,{"date":134,"score":102,"percentile":135},"2025-11-15",0.87236,{"date":137,"score":102,"percentile":132},"2025-11-16",{"date":139,"score":102,"percentile":135},"2025-11-17",{"date":141,"score":142,"percentile":143},"2025-11-18",0.0045,0.60969,{"date":145,"score":142,"percentile":146},"2025-11-19",0.6098,{"date":148,"score":142,"percentile":149},"2025-11-20",0.6097,{"date":151,"score":152,"percentile":153},"2025-11-21",0.03754,0.87551,{"date":155,"score":156,"percentile":157},"2025-11-22",0.01135,0.77752,{"date":159,"score":156,"percentile":160},"2025-11-23",0.77737,{"date":162,"score":156,"percentile":160},"2025-11-24",{"date":164,"score":156,"percentile":165},"2025-11-25",0.77743,{"date":167,"score":156,"percentile":168},"2025-11-26",0.77751,{"date":170,"score":156,"percentile":171},"2025-11-27",0.77754,{"date":173,"score":156,"percentile":174},"2025-11-28",0.77745,{"date":176,"score":156,"percentile":171},"2025-11-29",{"date":178,"score":156,"percentile":168},"2025-11-30",{"date":180,"score":156,"percentile":181},"2025-12-01",0.77859,{"date":183,"score":156,"percentile":184},"2025-12-02",0.77868,{"date":186,"score":156,"percentile":187},"2025-12-03",0.77852,{"date":189,"score":156,"percentile":190},"2025-12-04",0.77741,{"date":192,"score":156,"percentile":193},"2025-12-05",0.77747,{"date":195,"score":156,"percentile":168},"2025-12-06",{"date":197,"score":156,"percentile":198},"2025-12-07",0.77746,{"date":200,"score":156,"percentile":168},"2025-12-08",{"date":202,"score":156,"percentile":203},"2025-12-09",0.77773,{"date":205,"score":156,"percentile":206},"2025-12-10",0.77797,{"date":208,"score":156,"percentile":209},"2025-12-11",0.77812,{"date":211,"score":156,"percentile":212},"2025-12-12",0.77832,{"date":214,"score":156,"percentile":215},"2025-12-13",0.77834,{"date":217,"score":156,"percentile":218},"2025-12-14",0.77831,{"date":220,"score":221,"percentile":222},"2025-12-15",0.0048,0.64325,{"date":224,"score":221,"percentile":225},"2025-12-16",0.6434,{"date":227,"score":221,"percentile":228},"2025-12-17",0.64355,{"date":230,"score":221,"percentile":231},"2025-12-18",0.64391,{"date":233,"score":221,"percentile":234},"2025-12-19",0.64407,{"date":236,"score":221,"percentile":237},"2025-12-20",0.64404,{"date":239,"score":221,"percentile":240},"2025-12-21",0.64393,{"date":242,"score":221,"percentile":243},"2025-12-22",0.64388,{"date":245,"score":221,"percentile":246},"2025-12-23",0.64394,{"date":248,"score":221,"percentile":249},"2025-12-24",0.64399,{"date":251,"score":221,"percentile":252},"2025-12-25",0.64423,{"date":254,"score":221,"percentile":255},"2025-12-26",0.64424,{"date":257,"score":221,"percentile":258},"2025-12-27",0.64476,{"date":260,"score":221,"percentile":261},"2025-12-28",0.644,{"date":263,"score":221,"percentile":264},"2025-12-29",0.6439,{"date":266,"score":221,"percentile":234},"2025-12-30",{"date":268,"score":221,"percentile":269},"2025-12-31",0.64431,{"date":271,"score":221,"percentile":272},"2026-01-01",0.64621,{"date":274,"score":221,"percentile":275},"2026-01-02",0.64607,{"date":277,"score":221,"percentile":275},"2026-01-03",{"date":279,"score":221,"percentile":280},"2026-01-04",0.6443,{"date":282,"score":221,"percentile":252},"2026-01-05",{"date":284,"score":221,"percentile":285},"2026-01-06",0.6442,{"date":287,"score":221,"percentile":288},"2026-01-07",0.64441,{"date":290,"score":221,"percentile":291},"2026-01-08",0.64462,{"date":293,"score":221,"percentile":294},"2026-01-09",0.64463,{"date":296,"score":221,"percentile":297},"2026-01-10",0.6446,{"date":299,"score":221,"percentile":300},"2026-01-11",0.6445,{"date":302,"score":221,"percentile":303},"2026-01-12",0.64436,{"date":305,"score":221,"percentile":280},"2026-01-13",{"date":307,"score":221,"percentile":308},"2026-01-14",0.64465,{"date":310,"score":221,"percentile":311},"2026-01-15",0.64482,{"date":313,"score":221,"percentile":314},"2026-01-16",0.64501,{"date":316,"score":221,"percentile":317},"2026-01-17",0.64489,{"date":319,"score":221,"percentile":320},"2026-01-18",0.64478,{"date":322,"score":221,"percentile":323},"2026-01-19",0.64466,{"date":325,"score":221,"percentile":320},"2026-01-20",{"date":327,"score":221,"percentile":328},"2026-01-21",0.64488,{"date":330,"score":221,"percentile":331},"2026-01-22",0.64496,{"date":333,"score":221,"percentile":334},"2026-01-23",0.64524,{"date":336,"score":221,"percentile":337},"2026-01-24",0.64531,{"date":339,"score":221,"percentile":340},"2026-01-25",0.64497,{"date":342,"score":221,"percentile":311},"2026-01-26",{"date":344,"score":221,"percentile":345},"2026-01-27",0.64491,{"date":347,"score":221,"percentile":348},"2026-01-28",0.64502,{"date":350,"score":221,"percentile":348},"2026-01-29",{"date":352,"score":221,"percentile":353},"2026-01-30",0.6451,{"date":355,"score":221,"percentile":356},"2026-01-31",0.64513,{"date":358,"score":221,"percentile":359},"2026-02-01",0.64662,[361,369],{"source":60,"cvss_v2_0":362,"cvss_v3_0":9,"cvss_v3_1":367,"cvss_v4_0":9},{"baseScore":363,"baseSeverity":9,"vectorString":364,"impactScore":365,"exploitabilityScore":366},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":58,"baseSeverity":368,"vectorString":61,"impactScore":58,"exploitabilityScore":366},"CRITICAL",{"source":66,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":370,"cvss_v4_0":9},{"baseScore":58,"baseSeverity":9,"vectorString":61,"impactScore":58,"exploitabilityScore":366},[372,385],{"ecosystem":373,"name":374,"vendor":373,"product":374,"cpe_part":9,"purl_type":375,"purl_namespace":9,"purl_name":374,"source":9,"versions":376},"PyPI","pillow","pypi",[377],{"version":378,"is_range":379,"range_type":380,"version_start":381,"version_start_type":382,"version_end":383,"version_end_type":384,"fixed_in":9},"gte9_1_0_lt9_1_1",true,"ecosystem","9.1.0","including","9.1.1","excluding",{"ecosystem":9,"name":374,"vendor":386,"product":374,"cpe_part":387,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":388},"python","a",[389],{"version":381,"is_range":28,"range_type":390,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"cpe"]