📂 Vulnerable Library - matplotlib-3.9.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Python plotting package
Path to dependency file: /examples/ai/aws_bedrock_image_search/.ws-temp-WEFZMN-requirements.txt
Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/image-search-bipmuT-o-py3.11/lib/python3.11/site-packages/matplotlib-3.9.1.dist-info
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2026-25990 | 🟣 Critical | 9.8 | Not Defined | < 1% | pillow-10.4.0-cp311-cp311-manylinux_2_28_x86_64.whl | Transitive | N/A | ❌ | Unreachable |
| CVE-2025-66034 | 🟠 Medium | 6.3 | Not Defined | < 1% | fonttools-4.53.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Transitive | N/A | ❌ | Unreachable |
Details
🟣 CVE-2026-25990
Vulnerable Library - pillow-10.4.0-cp311-cp311-manylinux_2_28_x86_64.whl
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/ba/e5/8c68ff608a4203085158cff5cc2a3c534ec384536d9438c405ed6370d080/pillow-10.4.0-cp311-cp311-manylinux_2_28_x86_64.whl
Path to dependency file: /examples/ai/aws_bedrock_image_search/.ws-temp-WEFZMN-requirements.txt
Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/image-search-bipmuT-o-py3.11/lib/python3.11/site-packages/pillow-10.4.0.dist-info
Dependency Hierarchy:
- matplotlib-3.9.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)
  - ❌ pillow-10.4.0-cp311-cp311-manylinux_2_28_x86_64.whl (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Pillow is a Python imaging library. In versions from 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
Publish Date: Feb 11, 2026 08:53 PM
URL: CVE-2026-25990
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 9.8
Suggested Fix
Type: Upgrade version
Origin: GHSA-cfh3-3jmp-rvhc
Release Date: Feb 11, 2026 08:53 PM
Fix Resolution: pillow - 12.1.1, https://github.com/python-pillow/Pillow.git - 12.1.1
🟠 CVE-2025-66034
Vulnerable Library - fonttools-4.53.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Tools to manipulate font files
Library home page: https://files.pythonhosted.org/packages/a4/22/0a0ad59d9367997fd74a00ad2e88d10559122e09f105e94d34c155aecc0a/fonttools-4.53.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /examples/ai/aws_bedrock_image_search/.ws-temp-WEFZMN-requirements.txt
Path to vulnerable library: /home/wss-scanner/.cache/pypoetry/virtualenvs/image-search-bipmuT-o-py3.11/lib/python3.11/site-packages/fonttools-4.53.1.dist-info
Dependency Hierarchy:
- matplotlib-3.9.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Root Library)
  - ❌ fonttools-4.53.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
Publish Date: Nov 29, 2025 01:07 AM
URL: CVE-2025-66034
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 6.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-768j-98cg-p3fv
Release Date: Nov 29, 2025 01:07 AM
Fix Resolution: fonttools - 4.60.2, https://github.com/fonttools/fonttools.git - 4.60.2