Package impact
PIP / pillow
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42311 | high | 7.8 | 7.8 | 20d ago | Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow) | |
| CVE-2026-25990 | high | 7.5 | 7.5 | 4mo ago | Pillow affected by out-of-bounds write when loading PSD images | |
| CVE-2026-42310 | medium | 5.5 | 5.5 | 20d ago | Pillow has a PDF Parsing Trailer Infinite Loop (DoS) | |
| CVE-2026-42308 | medium | 5.5 | 5.5 | 20d ago | Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer… | |
| CVE-2026-42309 | medium | 5.5 | 5.5 | 24d ago | Pillow has a heap buffer overflow with nested list coordinates |