Package details: pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
Next non-vulnerable version 12.1.1
Latest non-vulnerable version 12.2.0
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-19e1-19hk-duet
Aliases:
BIT-pillow-2022-45198
CVE-2022-45198
GHSA-m2vv-5vj5-2hm7
PYSEC-2022-42979
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
9.2.0
Affected by 7 other vulnerabilities.
VCID-5rv4-k1q9-zue2
Aliases:
PYSEC-2023-175
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
10.0.1
Affected by 2 other vulnerabilities.
VCID-64n5-pugj-vue8
Aliases:
CVE-2024-28219
GHSA-44wm-f244-xhp3
Pillow buffer overflow vulnerability: In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
10.3.0
Affected by 2 other vulnerabilities.
VCID-9ckw-ra54-z3b7
Aliases:
CVE-2023-50447
GHSA-3f63-hfp8-52jq
Arbitrary Code Execution in Pillow: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
10.2.0
Affected by 1 other vulnerability.
VCID-d7uf-zdbv-sba1
Aliases:
GHSA-56pw-mpj4-fxww
GMS-2023-3137
Duplicate: This advisory duplicates another.
10.0.1
Affected by 2 other vulnerabilities.
VCID-n1hp-atex-ubh4
Aliases:
BIT-pillow-2023-44271
CVE-2023-44271
GHSA-8ghj-p4vj-mr35
PYSEC-2023-227
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
10.0.0
Affected by 5 other vulnerabilities.
VCID-vdzj-kqfy-d3b7
Aliases:
CVE-2023-4863
GHSA-j7hp-h8jx-5ppr
libwebp: OOB write in BuildHuffmanTable. Heap buffer overflow in libwebp allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
10.0.1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-brp2-dtrf-jyfr
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
Aliases:
BIT-pillow-2022-24303
CVE-2022-24303
GHSA-9j59-75qj-795w
GMS-2022-348
PYSEC-2022-168
VCID-q4bb-qnxe-8bfa
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
Aliases:
BIT-pillow-2022-22817
CVE-2022-22817
GHSA-8vj2-vxx3-667w
PYSEC-2022-10

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:55:08.453788+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.4.0
2026-04-16T22:48:14.664068+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.4.0
2026-04-16T22:42:30.358684+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.4.0
2026-04-16T22:40:03.251707+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.4.0
2026-04-16T22:37:53.637320+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.4.0
2026-04-16T22:15:17.599713+00:00 GitLab Importer Affected by VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.4.0
2026-04-16T21:42:16.422946+00:00 GitLab Importer Fixing VCID-brp2-dtrf-jyfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-24303.yml 38.4.0
2026-04-16T02:52:39.919143+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.4.0
2026-04-16T02:03:16.096729+00:00 GHSA Importer Fixing VCID-brp2-dtrf-jyfr https://github.com/advisories/GHSA-9j59-75qj-795w 38.4.0
2026-04-12T00:13:40.527890+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.3.0
2026-04-12T00:08:03.100456+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.3.0
2026-04-12T00:02:01.709068+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.3.0
2026-04-11T23:59:30.693125+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.3.0
2026-04-11T23:57:13.136992+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.3.0
2026-04-11T23:32:25.259422+00:00 GitLab Importer Affected by VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.3.0
2026-04-11T22:57:45.945903+00:00 GitLab Importer Fixing VCID-brp2-dtrf-jyfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-24303.yml 38.3.0
2026-04-11T14:21:24.133733+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.3.0
2026-04-11T13:30:33.010297+00:00 GHSA Importer Fixing VCID-brp2-dtrf-jyfr https://github.com/advisories/GHSA-9j59-75qj-795w 38.3.0
2026-04-03T00:19:58.613481+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.1.0
2026-04-03T00:12:42.482774+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.1.0
2026-04-03T00:05:02.801403+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.1.0
2026-04-03T00:02:34.321124+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.1.0
2026-04-03T00:00:15.701453+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.1.0
2026-04-02T23:37:34.551064+00:00 GitLab Importer Affected by VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.1.0
2026-04-02T23:06:38.305362+00:00 GitLab Importer Fixing VCID-brp2-dtrf-jyfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-24303.yml 38.1.0
2026-04-02T15:02:52.154852+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.1.0
2026-04-02T14:20:23.456931+00:00 GHSA Importer Fixing VCID-brp2-dtrf-jyfr https://github.com/advisories/GHSA-9j59-75qj-795w 38.1.0
2026-04-01T17:59:47.513044+00:00 GitLab Importer Affected by VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.0.0
2026-04-01T16:00:03.423445+00:00 GHSA Importer Fixing VCID-brp2-dtrf-jyfr https://github.com/advisories/GHSA-9j59-75qj-795w 38.0.0
2026-04-01T15:59:19.787275+00:00 GHSA Importer Fixing VCID-q4bb-qnxe-8bfa https://github.com/advisories/GHSA-8vj2-vxx3-667w 38.0.0
2026-04-01T15:15:18.034588+00:00 PyPI Importer Affected by VCID-n1hp-atex-ubh4 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:14:49.780578+00:00 PyPI Importer Affected by VCID-5rv4-k1q9-zue2 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:13:28.117202+00:00 PyPI Importer Affected by VCID-19e1-19hk-duet https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:12:46.530445+00:00 PyPI Importer Fixing VCID-brp2-dtrf-jyfr https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:06:55.758422+00:00 GithubOSV Importer Fixing VCID-brp2-dtrf-jyfr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-9j59-75qj-795w/GHSA-9j59-75qj-795w.json 38.0.0
2026-04-01T13:05:46.492710+00:00 GithubOSV Importer Fixing VCID-q4bb-qnxe-8bfa https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-8vj2-vxx3-667w/GHSA-8vj2-vxx3-667w.json 38.0.0
2026-04-01T12:50:23.986453+00:00 Pypa Importer Affected by VCID-5rv4-k1q9-zue2 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-175.yaml 38.0.0
2026-04-01T12:49:40.360826+00:00 GitLab Importer Fixing VCID-brp2-dtrf-jyfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-24303.yml 38.0.0
2026-04-01T12:49:16.869619+00:00 GitLab Importer Fixing VCID-q4bb-qnxe-8bfa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-22817.yml 38.0.0
2026-04-01T12:48:57.495569+00:00 Pypa Importer Affected by VCID-n1hp-atex-ubh4 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-227.yaml 38.0.0
2026-04-01T12:47:56.010649+00:00 Pypa Importer Affected by VCID-19e1-19hk-duet https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2022-42979.yaml 38.0.0
2026-04-01T12:47:33.185815+00:00 Pypa Importer Fixing VCID-brp2-dtrf-jyfr https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2022-168.yaml 38.0.0