Package impact

PyPI / pillow

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2023-4863	high	—	9.5	3y ago	Important: firefox security update	+5
CVE-2025-48379	high	—	8.0	11mo ago	Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format…
CVE-2023-50447	high	—	8.0	2y ago	Important: python-pillow security update
CVE-2023-5129	high	—	8.0	3y ago	libwebp: OOB write in BuildHuffmanTable	+4
CVE-2022-22815	high	—	8.0	4y ago	Important: python-pillow security update
CVE-2022-22816	high	—	8.0	4y ago	Important: python-pillow security update
CVE-2022-22817	high	—	8.0	4y ago	Important: python-pillow security update
CVE-2020-11538	high	—	8.0	6y ago	In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
CVE-2020-5313	high	—	8.0	6y ago	libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
CVE-2026-42311	high	7.8	7.8	19d ago	Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
CVE-2016-9190	high	7.8	7.8	10y ago	Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in …
CVE-2026-25990	high	7.5	7.5	4mo ago	Pillow affected by out-of-bounds write when loading PSD images
CVE-2021-23437	low	—	2.5	5y ago	The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
CVE-2014-1933	low	—	2.1	12y ago	The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes…