Critical
High
Medium
Low
Secrets
Misconfig
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| HIGH | CVE-2026-25990 | pillow | 12.1.0 | 12.1.1 | pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image |
| Type | File | Line | Match |
|---|---|---|---|
| GitHub | security-reports/gitleaks-report.json | 9 | "Match": "**************************************... |
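| GitHub | security-reports/gitleaks-report.json | 10 | "Secret": "*************************************... |

Note: both matches are inside a committed gitleaks report, not application code. Line 11 of that report (quoted in the JSON below) reads `"File": ".gitmodules"`, which suggests the token gitleaks originally flagged lives in `.gitmodules`. If that is confirmed, revoke that token and keep scanner reports out of the repository, since they repeat the secret.
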
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| ✅ No misconfigurations found | | | | |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019c55b0-5729-7067-a6e4-59900d4c1597",
"CreatedAt": "2026-02-13T06:29:05.961027407Z",
"ArtifactID": "sha256:aa3f577a49fe1a6b88b5e50b43369ccbac98d05a59567b8a9ecb46af48d237c2",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-vip-labelling-tool.git",
"Branch": "merge-v1",
"Commit": "b051e354dec088621d329939dec1fc1f6603d920",
"CommitMsg": "dependency_issues_fix",
"Author": "eizen-prasad <prasad.ayithireddi@eizen.ai>",
"Committer": "eizen-prasad <prasad.ayithireddi@eizen.ai>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "boto3",
"Identifier": {
"PURL": "pkg:pypi/boto3@1.42.43",
"UID": "bd0599cc311f0a6b"
},
"Version": "1.42.43",
"Locations": [
{
"StartLine": 14,
"EndLine": 14
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.127.0",
"UID": "879d52e1d11b3eb0"
},
"Version": "0.127.0",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "httpx",
"Identifier": {
"PURL": "pkg:pypi/httpx@0.28.1",
"UID": "d9e209a6c6536fbb"
},
"Version": "0.28.1",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "label-studio-sdk",
"Identifier": {
"PURL": "pkg:pypi/label-studio-sdk@2.0.17",
"UID": "38999f36733efe3a"
},
"Version": "2.0.17",
"Locations": [
{
"StartLine": 20,
"EndLine": 20
}
],
"AnalyzedBy": "pip"
},
{
"Name": "numpy",
"Identifier": {
"PURL": "pkg:pypi/numpy@2.4.0",
"UID": "ab5396ad4f039854"
},
"Version": "2.4.0",
"Locations": [
{
"StartLine": 28,
"EndLine": 28
}
],
"AnalyzedBy": "pip"
},
{
"Name": "opencv-python-headless",
"Identifier": {
"PURL": "pkg:pypi/opencv-python-headless@4.13.0.92",
"UID": "bf9bfad75b1afb27"
},
"Version": "4.13.0.92",
"Locations": [
{
"StartLine": 23,
"EndLine": 23
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pillow",
"Identifier": {
"PURL": "pkg:pypi/pillow@12.1.0",
"UID": "1088d333b1f8ded3"
},
"Version": "12.1.0",
"Locations": [
{
"StartLine": 24,
"EndLine": 24
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.16.0",
"UID": "35456bcbd28e87a2"
},
"Version": "4.16.0",
"Locations": [
{
"StartLine": 17,
"EndLine": 17
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.2.1",
"UID": "e889fb1d06d5838d"
},
"Version": "1.2.1",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "d8a5b80df8d5f06c"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "schedule",
"Identifier": {
"PURL": "pkg:pypi/schedule@1.2.2",
"UID": "238f5dcd8d7b30de"
},
"Version": "1.2.2",
"Locations": [
{
"StartLine": 31,
"EndLine": 31
}
],
"AnalyzedBy": "pip"
},
{
"Name": "tqdm",
"Identifier": {
"PURL": "pkg:pypi/tqdm@4.67.3",
"UID": "7e176976377d79f1"
},
"Version": "4.67.3",
"Locations": [
{
"StartLine": 27,
"EndLine": 27
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.40.0",
"UID": "fade4ca2f21f9b21"
},
"Version": "0.40.0",
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
],
"AnalyzedBy": "pip"
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2026-25990",
"VendorIDs": [
"GHSA-cfh3-3jmp-rvhc"
],
"PkgName": "pillow",
"PkgIdentifier": {
"PURL": "pkg:pypi/pillow@12.1.0",
"UID": "1088d333b1f8ded3"
},
"InstalledVersion": "12.1.0",
"FixedVersion": "12.1.1",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25990",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:97964df14aa936a93109802382acf1a65f897e7982af65b1bfb3cddadfd9f883",
"Title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"Description": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.",
"Severity": "HIGH",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"ghsa": 3,
"redhat": 3
},
"CVSS": {
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"V3Score": 7.3
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2026/02/12/1",
"https://access.redhat.com/security/cve/CVE-2026-25990",
"https://github.com/python-pillow/Pillow",
"https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199",
"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"https://github.com/python-pillow/Pillow/pull/9427",
"https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html",
"https://www.cve.org/CVERecord?id=CVE-2026-25990"
],
"PublishedDate": "2026-02-11T21:16:20.67Z",
"LastModifiedDate": "2026-02-12T15:10:37.307Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 24,
"Failures": 0
}
},
{
"Target": "Dockerfile.dev",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 24,
"Failures": 0
}
},
{
"Target": "security-reports/gitleaks-report.json",
"Class": "secret",
"Secrets": [
{
"RuleID": "github-pat",
"Category": "GitHub",
"Severity": "CRITICAL",
"Title": "GitHub Personal Access Token",
"StartLine": 9,
"EndLine": 9,
"Code": {
"Lines": [
{
"Number": 7,
"Content": " \"StartColumn\": 32,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 32,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 8,
"Content": " \"EndColumn\": 71,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 71,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 9,
"Content": " \"Match\": \"****************************************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"****************************************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 10,
"Content": " \"Secret\": \"****************************************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"****************************************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"****************************************\",",
"Offset": 265
},
{
"RuleID": "github-pat",
"Category": "GitHub",
"Severity": "CRITICAL",
"Title": "GitHub Personal Access Token",
"StartLine": 10,
"EndLine": 10,
"Code": {
"Lines": [
{
"Number": 8,
"Content": " \"EndColumn\": 71,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 71,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 9,
"Content": " \"Match\": \"****************************************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"****************************************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 10,
"Content": " \"Secret\": \"****************************************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"****************************************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 11,
"Content": " \"File\": \".gitmodules\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \".gitmodules\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"****************************************\",",
"Offset": 321
}
]
}
]
}