HIGH 7.5 PyPI
GHSA-h5rf-vgqx-wjv2 · CVE-2014-9601, PYSEC-2015-16 Pillow denial of service via PNG bomb
Modified: 10/9/2024
MEDIUM 5.4 PyPI
GHSA-hf64-x4gq-p99h · BIT-pillow-2020-35655, CVE-2020-35655 Pillow Out-of-bounds Read
Modified: 10/8/2024
MEDIUM 6.5 PyPI
GHSA-hggx-3h72-49ww · CVE-2016-0740, PYSEC-2016-5 Pillow Buffer overflow in ImagingLibTiffDecode
Modified: 10/9/2024
MEDIUM 6.5 PyPI
GHSA-3c5c-7235-994j · CVE-2016-2533, PYSEC-2016-19 Pillow buffer overflow in ImagingPcdDecode
Modified: 4/9/2026
HIGH 8.1 PyPI
GHSA-3f63-hfp8-52jq · BIT-pillow-2023-50447, CVE-2023-50447 Arbitrary Code Execution in Pillow
Modified: 2/4/2026
HIGH 7.5 PyPI
GHSA-3wvg-mj6g-m9cv · BIT-pillow-2021-27922, CVE-2021-27922 Pillow Uncontrolled Resource Consumption
Modified: 8/15/2025
MEDIUM 5.5 PyPI
GHSA-3xv8-3j54-hgrp · BIT-pillow-2020-10378, CVE-2020-10378 Out-of-bounds read in Pillow
Modified: 6/6/2025
HIGH 8.1 PyPI
GHSA-43fq-w8qq-v88h · BIT-pillow-2020-11538, CVE-2020-11538 Out-of-bounds read in Pillow
Modified: 10/9/2024
MEDIUM 6.7 PyPI
GHSA-44wm-f244-xhp3 · BIT-pillow-2024-28219, CVE-2024-28219 Pillow buffer overflow vulnerability
Modified: 2/4/2026
LOW PyPI
GHSA-4fx9-vc88-q2xc Infinite loop in Pillow
Modified: 12/5/2024
CRITICAL 9.8 PyPI
GHSA-57h3-9rgr-c24m · BIT-pillow-2021-25289, CVE-2021-25289 Out of bounds write in Pillow
Modified: 10/8/2024
HIGH 7.5 PyPI
GHSA-5gm3-px64-rw72 · CVE-2019-19911, PYSEC-2020-172 Uncontrolled Resource Consumption in Pillow
Modified: 10/8/2024
MEDIUM 5.5 PyPI
GHSA-5xmw-vc9v-4wf2 · BIT-pillow-2026-42309, CVE-2026-42309 Pillow has a heap buffer overflow with nested list coordinates
Modified: 5/13/2026
CRITICAL 9.8 PyPI
GHSA-7534-mm45-c74v · BIT-pillow-2021-34552, CVE-2021-34552 Buffer Overflow in Pillow
Modified: 10/9/2024
CRITICAL 9.1 PyPI
GHSA-77gc-v2xv-rvvh · BIT-pillow-2021-25287, CVE-2021-25287 Out-of-bounds Read in Pillow
Modified: 10/9/2024
HIGH 7.5 PyPI
GHSA-7r7m-5h27-29hp · BIT-pillow-2021-28676, CVE-2021-28676 Potential infinite loop in Pillow
Modified: 10/14/2024
HIGH 7.8 PyPI
GHSA-8843-m7mw-mxqm · BIT-pillow-2020-10379, CVE-2020-10379 Buffer overflow in Pillow
Modified: 6/6/2025
HIGH 7.5 PyPI
GHSA-8ghj-p4vj-mr35 · BIT-pillow-2023-44271, CVE-2023-44271 Pillow Denial of Service vulnerability
Modified: 10/14/2024
CRITICAL 9.8 PyPI
GHSA-8m9x-pxwq-j236 · CVE-2014-3007, PYSEC-2014-87 Pillow command injection
Modified: 10/9/2024
CRITICAL 9.8 PyPI
GHSA-8vj2-vxx3-667w · BIT-pillow-2022-22817, CVE-2022-22817 Arbitrary expression injection in Pillow
Modified: 10/14/2024
HIGH 7.5 PyPI
GHSA-8xjq-8fcg-g5hw · BIT-pillow-2021-25290, CVE-2021-25290 Out-of-bounds Write in Pillow
Modified: 10/8/2024
MEDIUM 6.5 PyPI
GHSA-8xjv-v9xq-m5h9 · CVE-2016-0775, PYSEC-2016-6 Pillow Buffer overflow in ImagingFliDecode
Modified: 10/9/2024
HIGH 7.5 PyPI
GHSA-95q3-8gr9-gm8w · BIT-pillow-2021-27923, CVE-2021-27923 Pillow Denial of Service by Uncontrolled Resource Consumption
Modified: 8/15/2025
HIGH 7.5 PyPI
GHSA-98vv-pw6r-q6q4 · BIT-pillow-2021-23437, CVE-2021-23437 Uncontrolled Resource Consumption in pillow
Modified: 10/9/2024
MEDIUM 6.5 PyPI
GHSA-9hx2-hgq2-2g4f · BIT-pillow-2021-25292, CVE-2021-25292 Regular Expression Denial of Service (ReDoS) in Pillow
Modified: 10/9/2024
CRITICAL 9.1 PyPI
GHSA-9j59-75qj-795w · BIT-pillow-2022-24303, CVE-2022-24303 Path traversal in Pillow
Modified: 10/14/2024
HIGH PyPI
GHSA-cfh3-3jmp-rvhc · BIT-pillow-2026-25990, CVE-2026-25990 Pillow affected by out-of-bounds write when loading PSD images
Modified: 5/5/2026
HIGH 7.5 PyPI
GHSA-cfmr-38g9-f2h7 · CVE-2014-3589, PYSEC-2014-10 Pillow denial of service via Crafted Block Size
Modified: 10/8/2024
MEDIUM 5.5 PyPI
GHSA-cqhg-xjhh-p8hf · BIT-pillow-2020-10177, CVE-2020-10177 Out-of-bounds reads in Pillow
Modified: 10/9/2024
HIGH 7.5 PyPI
GHSA-f4w8-cv6p-x6r5 · BIT-pillow-2021-27921, CVE-2021-27921 Pillow Denial of Service by Uncontrolled Resource Consumption
Modified: 8/15/2025
HIGH 7.1 PyPI
GHSA-f5g8-5qq7-938w · BIT-pillow-2020-35653, CVE-2020-35653 Pillow Out-of-bounds Read
Modified: 10/8/2024
MEDIUM 5.5 PyPI
GHSA-g6rj-rv7j-xwp4 · BIT-pillow-2021-28675, CVE-2021-28675 Pillow denial of service
Modified: 10/9/2024
HIGH 7.1 PyPI
GHSA-hj69-c76v-86wr · BIT-pillow-2020-5313, CVE-2020-5313 Out-of-bounds Read in Pillow
Modified: 10/8/2024
MEDIUM 5.5 PyPI
GHSA-hjfx-8p6c-g7gx · BIT-pillow-2021-28678, CVE-2021-28678 Insufficient Verification of Data Authenticity in Pillow
Modified: 10/14/2024
HIGH 7.5 PyPI
GHSA-hr8g-f6r6-mr22 · BIT-pillow-2022-30595, CVE-2022-30595 Buffer over-flow in Pillow
Modified: 11/26/2024
CRITICAL 9.8 PyPI
GHSA-hvr8-466p-75rh · CVE-2016-4009, PYSEC-2016-7 Pillow Integer overflow in ImagingResampleHorizontal
Modified: 10/8/2024
HIGH 7.5 PyPI
GHSA-j6f7-g425-4gmx · CVE-2014-3598, PYSEC-2015-15 Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin
Modified: 11/29/2024
HIGH 7.5 PyPI
GHSA-j7mj-748x-7p78 · CVE-2019-16865, PYSEC-2019-110 DOS attack in Pillow when processing specially crafted image files
Modified: 10/9/2024
HIGH 7.5 PyPI
GHSA-jgpv-4h4c-xhw3 Uncontrolled Resource Consumption in pillow
Modified: 12/2/2024
HIGH 7.5 PyPI
GHSA-m2vv-5vj5-2hm7 · BIT-pillow-2022-45198, CVE-2022-45198 Pillow vulnerable to Data Amplification attack.
Modified: 10/14/2024
HIGH 7.5 PyPI
GHSA-mvg9-xffr-p774 · BIT-pillow-2021-25291, CVE-2021-25291 Out of bounds read in Pillow
Modified: 10/9/2024
HIGH 7.5 PyPI
GHSA-p43w-g3c5-g5mq · BIT-pillow-2021-25293, CVE-2021-25293 Out of bounds read in Pillow
Modified: 10/9/2024
CRITICAL 9.8 PyPI
GHSA-p49h-hjvm-jg3h · BIT-pillow-2020-5312, CVE-2020-5312 PCX P mode buffer overflow in Pillow
Modified: 10/8/2024
MEDIUM 6.5 PyPI
GHSA-pw3c-h7wp-cvhx · BIT-pillow-2022-22815, CVE-2022-22815 Improper Initialization in Pillow
Modified: 10/14/2024
HIGH PyPI
GHSA-pwv6-vv43-88gr · BIT-pillow-2026-42311, CVE-2026-42311 Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
Modified: 5/13/2026
HIGH 7.5 PyPI
GHSA-q4mp-jvh2-76fj · BIT-pillow-2022-45199, CVE-2022-45199 Pillow subject to DoS via SAMPLESPERPIXEL tag
Modified: 10/14/2024
HIGH 7.5 PyPI
GHSA-q5hq-fp76-qmrc · BIT-pillow-2021-28677, CVE-2021-28677 Uncontrolled Resource Consumption in Pillow
Modified: 10/14/2024
MEDIUM 5.5 PyPI
GHSA-r73j-pqj5-w3x7 · BIT-pillow-2026-42310, CVE-2026-42310 Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Modified: 5/13/2026
CRITICAL 9.8 PyPI
GHSA-r7rm-8j6h-r933 · BIT-pillow-2020-5311, CVE-2020-5311 Buffer Copy without Checking Size of Input in Pillow
Modified: 10/8/2024
MEDIUM 4.0 PyPI
GHSA-r854-96gq-rfg3 · CVE-2014-1933, PYSEC-2014-23 Pillow Temporary file name leakage
Modified: 4/13/2025
MEDIUM 5.5 PyPI
GHSA-rwr3-c2q8-gm56 · CVE-2016-9189, PYSEC-2016-8 Pillow Integer overflow in Map.c
Modified: 10/8/2024
CRITICAL 9.1 PyPI
GHSA-rwv7-3v45-hg29 · BIT-pillow-2021-25288, CVE-2021-25288 Pillow Out-of-bounds Read vulnerability
Modified: 10/9/2024
MEDIUM 5.5 PyPI
GHSA-v9pc-9mvp-x87g · CVE-2016-3076, PYSEC-2017-92 Pillow Buffer overflow in Jpeg2KEncode.c
Modified: 10/9/2024
HIGH 8.8 PyPI
GHSA-vcqg-3p29-xw73 · BIT-pillow-2020-5310, CVE-2020-5310 Integer overflow in Pillow
Modified: 10/8/2024
MEDIUM 5.5 PyPI
GHSA-vj42-xq3r-hr3r · BIT-pillow-2020-10994, CVE-2020-10994 Out-of-bounds reads in Pillow
Modified: 10/9/2024
HIGH 8.8 PyPI
GHSA-vqcj-wrf2-7v73 · BIT-pillow-2020-35654, CVE-2020-35654 Pillow Out-of-bounds Write
Modified: 10/14/2024
HIGH 7.8 PyPI
GHSA-w4vg-rf63-f3j3 · CVE-2016-9190, PYSEC-2016-9 Arbitrary code using "crafted image file" approach affecting Pillow
Modified: 10/8/2024
HIGH 7.5 PyPI
GHSA-whj4-6x5x-4v2j · BIT-pillow-2026-40192, CVE-2026-40192 FITS GZIP decompression bomb in Pillow
Modified: 5/11/2026
MEDIUM 5.5 PyPI
GHSA-wjx4-4jcj-g98j · BIT-pillow-2026-42308, CVE-2026-42308 Pillow has an integer overflow when processing fonts
Modified: 5/27/2026
HIGH 7.7 PyPI
GHSA-x895-2wrm-hvp7 · CVE-2014-1932, PYSEC-2014-22 PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles
Modified: 10/9/2024
HIGH 7.1 PyPI
GHSA-xg8h-j46f-w952 · BIT-pillow-2025-48379, CVE-2025-48379 Pillow vulnerability can cause write buffer overflow on BCn encoding
Modified: 2/4/2026
MEDIUM 6.5 PyPI
GHSA-xrcv-f9gm-v42c · BIT-pillow-2022-22816, CVE-2022-22816 Out-of-bounds Read in Pillow
Modified: 10/14/2024
— PyPI
OSV-2022-1074 Invalid-free in _dealloc
Modified: 11/9/2022
— PyPI
OSV-2022-715 Segv on unknown address in jpeg_read_scanlines
Modified: 10/30/2022
— PyPI
PYSEC-2014-10 · CVE-2014-3589, GHSA-cfmr-38g9-f2h7
Modified: 11/8/2023
— PyPI
PYSEC-2014-22 · CVE-2014-1932, GHSA-x895-2wrm-hvp7
Modified: 11/8/2023
— PyPI
PYSEC-2014-23 · CVE-2014-1933, GHSA-r854-96gq-rfg3
Modified: 11/8/2023
— PyPI
PYSEC-2014-87 · CVE-2014-3007, GHSA-8m9x-pxwq-j236
Modified: 11/8/2023
— PyPI
PYSEC-2015-15 · CVE-2014-3598, GHSA-j6f7-g425-4gmx
Modified: 4/29/2024
— PyPI
PYSEC-2015-16 · CVE-2014-9601, GHSA-h5rf-vgqx-wjv2
Modified: 11/8/2023
— PyPI
PYSEC-2016-19 · CVE-2016-2533, GHSA-3c5c-7235-994j
Modified: 4/9/2026
— PyPI
PYSEC-2016-5 · CVE-2016-0740, GHSA-hggx-3h72-49ww
Modified: 11/8/2023
— PyPI
PYSEC-2016-6 · CVE-2016-0775, GHSA-8xjv-v9xq-m5h9
Modified: 11/8/2023
— PyPI
PYSEC-2016-7 · CVE-2016-4009, GHSA-hvr8-466p-75rh
Modified: 11/8/2023
— PyPI
PYSEC-2016-8 · CVE-2016-9189, GHSA-rwr3-c2q8-gm56
Modified: 11/8/2023
— PyPI
PYSEC-2016-9 · CVE-2016-9190, GHSA-w4vg-rf63-f3j3
Modified: 11/8/2023
— PyPI
PYSEC-2017-92 · CVE-2016-3076, GHSA-v9pc-9mvp-x87g
Modified: 4/22/2024
— PyPI
PYSEC-2019-110 · CVE-2019-16865, GHSA-j7mj-748x-7p78
Modified: 11/8/2023
— PyPI
PYSEC-2020-172 · CVE-2019-19911, GHSA-5gm3-px64-rw72
Modified: 11/8/2023
— PyPI
PYSEC-2020-76 · BIT-pillow-2020-10177, CVE-2020-10177
Modified: 12/6/2023
— PyPI
PYSEC-2020-77 · BIT-pillow-2020-10378, CVE-2020-10378
Modified: 6/6/2025
— PyPI
PYSEC-2020-78 · BIT-pillow-2020-10379, CVE-2020-10379
Modified: 6/6/2025
— PyPI
PYSEC-2020-79 · BIT-pillow-2020-10994, CVE-2020-10994
Modified: 12/6/2023
— PyPI
PYSEC-2020-80 · BIT-pillow-2020-11538, CVE-2020-11538
Modified: 12/6/2023
— PyPI
PYSEC-2020-81 · BIT-pillow-2020-5310, CVE-2020-5310
Modified: 12/6/2023
— PyPI
PYSEC-2020-82 · BIT-pillow-2020-5311, CVE-2020-5311
Modified: 12/6/2023
— PyPI
PYSEC-2020-83 · BIT-pillow-2020-5312, CVE-2020-5312
Modified: 12/6/2023
— PyPI
PYSEC-2020-84 · BIT-pillow-2020-5313, CVE-2020-5313
Modified: 12/6/2023
— PyPI
PYSEC-2021-137 · BIT-pillow-2021-25287, CVE-2021-25287
Modified: 12/6/2023
— PyPI
PYSEC-2021-138 · BIT-pillow-2021-25288, CVE-2021-25288
Modified: 12/6/2023
— PyPI
PYSEC-2021-139 · BIT-pillow-2021-28675, CVE-2021-28675
Modified: 12/6/2023
— PyPI
PYSEC-2021-317 · BIT-pillow-2021-23437, CVE-2021-23437
Modified: 12/6/2023
— PyPI
PYSEC-2021-331 · BIT-pillow-2021-34552, CVE-2021-34552
Modified: 12/6/2023
— PyPI
PYSEC-2021-35 · BIT-pillow-2021-25289, CVE-2021-25289
Modified: 12/6/2023
— PyPI
PYSEC-2021-36 · BIT-pillow-2021-25290, CVE-2021-25290
Modified: 12/6/2023
— PyPI
PYSEC-2021-37 · BIT-pillow-2021-25291, CVE-2021-25291
Modified: 12/6/2023
— PyPI
PYSEC-2021-38 · BIT-pillow-2021-25292, CVE-2021-25292
Modified: 12/6/2023
— PyPI
PYSEC-2021-39 · BIT-pillow-2021-25293, CVE-2021-25293
Modified: 12/6/2023
— PyPI
PYSEC-2021-40 · BIT-pillow-2021-27921, CVE-2021-27921
Modified: 12/6/2023
— PyPI
PYSEC-2021-41 · BIT-pillow-2021-27922, CVE-2021-27922
Modified: 12/6/2023