Package details: pkg:pypi/pillow@9.1.1
purl: pkg:pypi/pillow@9.1.1
Next non-vulnerable version: 12.1.1
Latest non-vulnerable version: 12.2.0
Risk: 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-19e1-19hk-duet
Aliases:
BIT-pillow-2022-45198
CVE-2022-45198
GHSA-m2vv-5vj5-2hm7
PYSEC-2022-42979
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
Fixed by: 9.2.0 (affected by 7 other vulnerabilities)
VCID-5rv4-k1q9-zue2
Aliases:
PYSEC-2023-175
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
Fixed by: 10.0.1 (affected by 2 other vulnerabilities)
VCID-64n5-pugj-vue8
Aliases:
CVE-2024-28219
GHSA-44wm-f244-xhp3
Pillow buffer overflow vulnerability. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Fixed by: 10.3.0 (affected by 2 other vulnerabilities)
VCID-9ckw-ra54-z3b7
Aliases:
CVE-2023-50447
GHSA-3f63-hfp8-52jq
Arbitrary Code Execution in Pillow. Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Fixed by: 10.2.0 (affected by 1 other vulnerability)
VCID-d7uf-zdbv-sba1
Aliases:
GHSA-56pw-mpj4-fxww
GMS-2023-3137
Duplicate. This advisory duplicates another.
Fixed by: 10.0.1 (affected by 2 other vulnerabilities)
VCID-n1hp-atex-ubh4
Aliases:
BIT-pillow-2023-44271
CVE-2023-44271
GHSA-8ghj-p4vj-mr35
PYSEC-2023-227
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Fixed by: 10.0.0 (affected by 5 other vulnerabilities)
VCID-vdzj-kqfy-d3b7
Aliases:
CVE-2023-4863
GHSA-j7hp-h8jx-5ppr
libwebp: OOB write in BuildHuffmanTable. Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Fixed by: 10.0.1 (affected by 2 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-gwy8-wkwf-77c3
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
Aliases:
BIT-pillow-2022-30595
CVE-2022-30595
GHSA-hr8g-f6r6-mr22
PYSEC-2022-43145

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:55:08.460772+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.4.0
2026-04-16T22:48:14.671365+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.4.0
2026-04-16T22:42:30.365569+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.4.0
2026-04-16T22:40:03.258822+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.4.0
2026-04-16T22:37:53.644349+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.4.0
2026-04-16T22:15:17.607523+00:00 GitLab Importer Affected by VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.4.0
2026-04-16T22:02:36.289897+00:00 GitLab Importer Fixing VCID-gwy8-wkwf-77c3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-30595.yml 38.4.0
2026-04-16T02:52:39.926583+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.4.0
2026-04-12T00:13:40.535390+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.3.0
2026-04-12T00:08:03.107763+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.3.0
2026-04-12T00:02:01.716092+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.3.0
2026-04-11T23:59:30.700198+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.3.0
2026-04-11T23:57:13.144693+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.3.0
2026-04-11T23:32:25.266755+00:00 GitLab Importer Affected by VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.3.0
2026-04-11T23:18:15.556283+00:00 GitLab Importer Fixing VCID-gwy8-wkwf-77c3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-30595.yml 38.3.0
2026-04-11T14:21:24.141521+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.3.0
2026-04-03T00:19:58.621541+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.1.0
2026-04-03T00:12:42.490549+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.1.0
2026-04-03T00:05:02.808226+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.1.0
2026-04-03T00:02:34.328485+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.1.0
2026-04-03T00:00:15.707882+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.1.0
2026-04-02T23:37:34.557587+00:00 GitLab Importer Affected by VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.1.0
2026-04-02T23:25:52.218427+00:00 GitLab Importer Fixing VCID-gwy8-wkwf-77c3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-30595.yml 38.1.0
2026-04-02T15:02:52.162710+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.1.0
2026-04-01T17:59:47.519558+00:00 GitLab Importer Affected by VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.0.0
2026-04-01T17:46:42.258842+00:00 GitLab Importer Fixing VCID-gwy8-wkwf-77c3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-30595.yml 38.0.0
2026-04-01T16:02:32.185910+00:00 GHSA Importer Fixing VCID-gwy8-wkwf-77c3 https://github.com/advisories/GHSA-hr8g-f6r6-mr22 38.0.0
2026-04-01T15:15:18.041213+00:00 PyPI Importer Affected by VCID-n1hp-atex-ubh4 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:14:49.787438+00:00 PyPI Importer Affected by VCID-5rv4-k1q9-zue2 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:13:28.123834+00:00 PyPI Importer Affected by VCID-19e1-19hk-duet https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:12:53.808730+00:00 PyPI Importer Fixing VCID-gwy8-wkwf-77c3 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:08:14.947403+00:00 GithubOSV Importer Fixing VCID-gwy8-wkwf-77c3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hr8g-f6r6-mr22/GHSA-hr8g-f6r6-mr22.json 38.0.0
2026-04-01T12:50:23.990437+00:00 Pypa Importer Affected by VCID-5rv4-k1q9-zue2 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-175.yaml 38.0.0
2026-04-01T12:48:57.499455+00:00 Pypa Importer Affected by VCID-n1hp-atex-ubh4 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-227.yaml 38.0.0
2026-04-01T12:47:56.014505+00:00 Pypa Importer Affected by VCID-19e1-19hk-duet https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2022-42979.yaml 38.0.0
2026-04-01T12:47:37.328351+00:00 Pypa Importer Fixing VCID-gwy8-wkwf-77c3 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2022-43145.yaml 38.0.0