pkg:PyPI/pillow

115 total CVEsCRITICAL20HIGH60MEDIUM35

✅ Check your installed version

All known vulnerabilities

HIGH8.8CVE-2023-4863⚠ KEVlibwebp: OOB write in BuildHuffmanTable
from 0, < 10.0.1
HIGH8.8CVE-2023-4863⚠ KEVlibwebp: OOB write in BuildHuffmanTable
from 0, < 10.0.1
CRITICAL9.8CVE-2020-5311Buffer Copy without Checking Size of Input in Pillow
from 0, < a79b65c47c7dc6fe623aadf09aa6192fc54548f3 | from 0, < 6.2.2
CRITICAL9.8CVE-2020-5311Buffer Copy without Checking Size of Input in Pillow
from 0, < 6.2.2
CRITICAL9.8CVE-2014-3007Pillow command injection
from 0, < 2.5.0
CRITICAL9.8CVE-2014-3007Pillow command injection
from 0, < 2.5.0
CRITICAL9.8CVE-2022-22817Arbitrary expression injection in Pillow
from 0, < 9.0.0
CRITICAL9.8CVE-2022-22817Arbitrary expression injection in Pillow
from 0, < 9.0.1
CRITICAL9.8CVE-2020-5312PCX P mode buffer overflow in Pillow
from 0, < 93b22b846e0269ee9594ff71a72bec02d2bea8fd | from 0, < 6.2.2
CRITICAL9.8CVE-2020-5312PCX P mode buffer overflow in Pillow
from 0, < 6.2.2
CRITICAL9.8CVE-2021-34552Buffer Overflow in Pillow
from 0, < 8.3.0
CRITICAL9.8CVE-2021-34552Buffer Overflow in Pillow
from 0, < 8.3.0
CRITICAL9.8CVE-2021-25289Out of bounds write in Pillow
from 0, < 8.1.1
CRITICAL9.8CVE-2021-25289Out of bounds write in Pillow
from 0, < 8.1.1
CRITICAL9.8CVE-2016-4009Pillow Integer overflow in ImagingResampleHorizontal
from 0, < 4e0d9b0b9740d258ade40cce248c93777362ac1e | from 0, < 3.1.1
CRITICAL9.8CVE-2016-4009Pillow Integer overflow in ImagingResampleHorizontal
from 0, < 3.1.1
CRITICAL9.1CVE-2022-24303Path traversal in Pillow
from 0, < 9.0.1
CRITICAL9.1CVE-2022-24303Path traversal in Pillow
from 0, < 9.0.1
CRITICAL9.1CVE-2021-25288Pillow Out-of-bounds Read vulnerability
>= 2.4.0, < 8.2.0
CRITICAL9.1CVE-2021-25288Pillow Out-of-bounds Read vulnerability
from 0, < 8.2.0
CRITICAL9.1CVE-2021-25287Out-of-bounds Read in Pillow
>= 2.4.0, < 8.2.0
CRITICAL9.1CVE-2021-25287Out-of-bounds Read in Pillow
from 0, < 8.2.0
HIGH8.8CVE-2020-5310Integer overflow in Pillow
from 0, < 4e2def2539ec13e53a82e06c4b3daf00454100c4 | from 0, < 6.2.2
HIGH8.8CVE-2020-5310Integer overflow in Pillow
from 0, < 6.2.2
HIGH8.8CVE-2020-35654Pillow Out-of-bounds Write
from 0, < 8.1.0
HIGH8.8CVE-2020-35654Pillow Out-of-bounds Write
from 0, < 8.1.0
HIGH8.1CVE-2023-50447Arbitrary Code Execution in Pillow
from 0, < 10.2.0
HIGH8.1CVE-2020-11538Out-of-bounds read in Pillow
from 0, < 7.1.0
HIGH8.1CVE-2020-11538Out-of-bounds read in Pillow
from 0, < 7.1.0
HIGH7.8CVE-2026-42311Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
>= 10.3.0, < 12.2.0
HIGH7.8CVE-2020-10379Buffer overflow in Pillow
from 0, < 7.1.0
HIGH7.8CVE-2020-10379Buffer overflow in Pillow
from 0, < 46f4a349b88915787fea3fb91348bb1665831bbb | from 0, < 7.1.0
HIGH7.8CVE-2016-9190Arbitrary code using "crafted image file" approach affecting Pillow
from 0, < 3.3.2
HIGH7.8CVE-2016-9190Arbitrary code using "crafted image file" approach affecting Pillow
from 0, < 3.3.2
HIGH7.7CVE-2014-1932PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles
from 0, < 2.3.1
HIGH7.7CVE-2014-1932PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles
from 0, < 4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7 | from 0, < 2.3.1
HIGH7.5CVE-2026-40192Pillow is vulnerable to a FITS GZIP decompression bomb
>= 10.3.0, < 12.2.0
HIGH7.5CVE-2026-25990Pillow affected by out-of-bounds write when loading PSD images
>= 10.3.0, < 12.1.1
HIGH7.5CVE-2023-44271pillow - security update
from 0, < 10.0.0
HIGH7.5CVE-2023-44271pillow - security update
from 0, < 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 | from 0, < 10.0.0
HIGH7.5CVE-2022-45199Pillow subject to DoS via SAMPLESPERPIXEL tag
from 0, < 2444cddab2f83f28687c7c20871574acbb6dbcf3 | >= 9.2.0, < 9.3.0
HIGH7.5CVE-2022-45198Pillow vulnerable to Data Amplification attack.
from 0, < 11918eac0628ec8ac0812670d9838361ead2d6a4 | from 0, < 9.2.0
HIGH7.5CVE-2022-45198Pillow vulnerable to Data Amplification attack.
from 0, < 9.2.0
HIGH7.5CVE-2022-45199Pillow subject to DoS via SAMPLESPERPIXEL tag
>= 9.2.0, < 9.3.0
HIGH7.5CVE-2022-30595Buffer over-flow in Pillow
>= 9.1.0, < 9.1.1
HIGH7.5CVE-2022-30595Buffer over-flow in Pillow
>= 9.1.0, < 9.1.1
HIGH7.5CVE-2014-9601Pillow denial of service via PNG bomb
from 0, < 2.7.0
HIGH7.5CVE-2014-9601Pillow denial of service via PNG bomb
from 0, < 2.7.0
HIGH7.5CVE-2014-3589python-imaging - security update
from 0, < 2.3.2
HIGH7.5CVE-2014-3598Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin
from 0, < 2.5.3
HIGH7.5CVE-2014-3598Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin
from 0, < 2.5.3
HIGH7.5CVE-2014-3589python-imaging - security update
from 0, < 205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d | from 0, < 2.3.2, >= 2.5, < 2.5.2
HIGH7.5CVE-2021-23437Regular Expression Denial of Service (ReDoS)
>= 5.2.0, < 8.3.2
HIGH7.5CVE-2021-23437Regular Expression Denial of Service (ReDoS)
from 0, < 9e08eb8f78fdfd2f476e1b20b7cf38683754866b | from 0, < 8.3.2
HIGH7.5CVE-2021-28677Uncontrolled Resource Consumption in Pillow
from 0, < 8.2.0
HIGH7.5CVE-2021-28677Uncontrolled Resource Consumption in Pillow
from 0, < 8.2.0
HIGH7.5CVE-2021-28676Potential infinite loop in Pillow
from 0, < 8.2.0
HIGH7.5CVE-2021-28676Potential infinite loop in Pillow
from 0, < 8.2.0
HIGH7.5CVE-2021-25291Out of bounds read in Pillow
from 0, < 8.2.0
HIGH7.5CVE-2021-25291Out of bounds read in Pillow
from 0, < 8.1.1
HIGH7.5CVE-2021-25290Out-of-bounds Write in Pillow
from 0, < 8.1.1
HIGH7.5CVE-2021-25290Out-of-bounds Write in Pillow
from 0, < 8.1.1
HIGH7.5CVE-2021-25293Out of bounds read in Pillow
from 0, < 8.1.1
HIGH7.5CVE-2021-25293Out of bounds read in Pillow
>= 4.3.0, < 8.1.1
HIGH7.5CVE-2021-27922Pillow Uncontrolled Resource Consumption
from 0, < 8.1.1
HIGH7.5CVE-2021-27922Pillow Uncontrolled Resource Consumption
from 0, < 8.1.2
HIGH7.5CVE-2021-27921Pillow Denial of Service by Uncontrolled Resource Consumption
from 0, < 8.1.2
HIGH7.5CVE-2021-27921Pillow Denial of Service by Uncontrolled Resource Consumption
from 0, < 8.1.1
HIGH7.5CVE-2021-27923Pillow Denial of Service by Uncontrolled Resource Consumption
from 0, < 8.1.1
HIGH7.5CVE-2021-27923Pillow Denial of Service by Uncontrolled Resource Consumption
from 0, < 8.1.2
HIGH7.5CVE-2019-19911pillow - security update
from 0, < 6.2.2
HIGH7.5CVE-2019-19911pillow - security update
from 0, < 6.2.2
HIGH7.5CVE-2019-16865DOS attack in Pillow when processing specially crafted image files
from 0, < 6.2.0
HIGH7.5CVE-2019-16865DOS attack in Pillow when processing specially crafted image files
from 0, < 6.2.0
HIGH7.1CVE-2025-48379Pillow vulnerability can cause write buffer overflow on BCn encoding
>= 11.2.0, < 11.3.0
HIGH7.1CVE-2025-48379Pillow vulnerability can cause write buffer overflow on BCn encoding
from 0, < 89f1f4626a2aaf5f3d5ca6437f41def2998fbe09, < ef98b3510e3e4f14b547762764813d7e5ca3c5a4 | >= 11.2.0, < 11.3.0
HIGH7.1CVE-2020-35653pillow - security update
from 0, < 8.1.0
HIGH7.1CVE-2020-35653pillow - security update
from 0, < 8.1.0
HIGH7.1CVE-2020-5313Out-of-bounds Read in Pillow
from 0, < 6.2.2
HIGH7.1CVE-2020-5313Out-of-bounds Read in Pillow
from 0, < a09acd0decd8a87ccce939d5ff65dab59e7d365b | from 0, < 6.2.2
MEDIUM6.7CVE-2024-28219pillow - security update
from 0, < 10.3.0
MEDIUM6.5CVE-2022-22815pillow - security update
from 0, < 9.0.0
MEDIUM6.5CVE-2022-22815pillow - security update
from 0, < 9.0.0
MEDIUM6.5CVE-2022-22816Out-of-bounds Read in Pillow
from 0, < 9.0.0
MEDIUM6.5CVE-2022-22816Out-of-bounds Read in Pillow
from 0, < 9.0.0
MEDIUM6.5CVE-2021-25292Regular Expression Denial of Service (ReDoS) in Pillow
>= 5.1.0, < 8.1.1
MEDIUM6.5CVE-2021-25292Regular Expression Denial of Service (ReDoS) in Pillow
from 0, < 8.1.1
MEDIUM6.5CVE-2016-0775python-imaging - security update
from 0, < 3.1.1
MEDIUM6.5CVE-2016-0775python-imaging - security update
from 0, < 893a40850c2d5da41537958e40569c029a6e127b | from 0, < 3.1.1
MEDIUM6.5CVE-2016-2533Pillow buffer overflow in ImagingPcdDecode
from 0, < 5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9, < ae453aa18b66af54e7ff716f4ccb33adca60afd4 | from 0, < 3.1.1
MEDIUM6.5CVE-2016-2533Pillow buffer overflow in ImagingPcdDecode
from 0, < 3.1.1
MEDIUM6.5CVE-2016-0740pillow - security update
from 0, < 6dcbf5bd96b717c58d7b642949da8d323099928e | from 0, < 3.1.1
MEDIUM6.5CVE-2016-0740pillow - security update
from 0, < 3.1.1
MEDIUM5.5CVE-2026-42310Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
>= 4.2.0, < 12.2.0
MEDIUM5.5CVE-2026-42308Pillow: Integer overflow when processing fonts
from 0, < 12.2.0
MEDIUM5.5CVE-2026-42308Pillow: Integer overflow when processing fonts
from 0, < 12.2.0
MEDIUM5.5CVE-2026-42309Pillow has a heap buffer overflow with nested list coordinates
>= 11.2.1, < 12.2.0
MEDIUM5.5CVE-2016-3076Pillow Buffer overflow in Jpeg2KEncode.c
>= 2.5.0, < 3.1.2
MEDIUM5.5CVE-2016-3076Pillow Buffer overflow in Jpeg2KEncode.c
>= 2.5.0, < 3.1.2
MEDIUM5.5CVE-2020-10378Out-of-bounds read in Pillow
from 0, < 6a83e4324738bb0452fbe8074a995b1c73f08de7 | from 0, < 7.1.0
MEDIUM5.5CVE-2020-10378Out-of-bounds read in Pillow
from 0, < 7.1.0
MEDIUM5.5CVE-2021-28678Insufficient Verification of Data Authenticity in Pillow
>= 5.1.0, < 8.2.0
MEDIUM5.5CVE-2021-28678Insufficient Verification of Data Authenticity in Pillow
from 0, < 8.2.0
MEDIUM5.5CVE-2021-28675Pillow denial of service
from 0, < 8.2.0
MEDIUM5.5CVE-2021-28675Pillow denial of service
from 0, < 8.2.0
MEDIUM5.5CVE-2020-10177pillow - security update
from 0, < 7.1.0
MEDIUM5.5CVE-2020-10177pillow - security update
from 0, < 7.1.0
MEDIUM5.5CVE-2020-10994Out-of-bounds reads in Pillow
from 0, < 7.0.0
MEDIUM5.5CVE-2020-10994Out-of-bounds reads in Pillow
from 0, < 7.1.0
MEDIUM5.5CVE-2016-9189pillow - security update
from 0, < 3.3.2
MEDIUM5.5CVE-2016-9189pillow - security update
from 0, < 3.3.2
MEDIUM5.4CVE-2020-35655Pillow Out-of-bounds Read
>= 4.3.0, < 8.1.0
MEDIUM5.4CVE-2020-35655Pillow Out-of-bounds Read
>= 4.3.0, < 8.1.0
MEDIUM4.0CVE-2014-1933Pillow Temporary file name leakage
from 0, < 4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7 | from 0, < 2.3.1
MEDIUM4.0CVE-2014-1933Pillow Temporary file name leakage
from 0, < 2.3.1