Root has patched CVE-2026-42309 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available.
{ "distro": "pypi", "source": "Root", "distro_version": "", "severity": "MEDIUM" }
"root.io.6"
2.0
"https://api.root.io/external/osv/ROOT-APP-PYPI-CVE-2026-42309.json"
"12.1.0"
true
[ "12.1.0+root.io.5", "12.1.0+root.io.6" ]