Package details: pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
Next non-vulnerable version 12.1.1
Latest non-vulnerable version 12.2.0
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-4n96-uzyf-tud6
Aliases:
BIT-pillow-2022-45199
CVE-2022-45199
GHSA-q4mp-jvh2-76fj
PYSEC-2022-42980
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
9.3.0
Affected by 6 other vulnerabilities.
VCID-5rv4-k1q9-zue2
Aliases:
PYSEC-2023-175
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
10.0.1
Affected by 2 other vulnerabilities.
VCID-64n5-pugj-vue8
Aliases:
CVE-2024-28219
GHSA-44wm-f244-xhp3
Pillow buffer overflow vulnerability: In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
10.3.0
Affected by 2 other vulnerabilities.
VCID-9ckw-ra54-z3b7
Aliases:
CVE-2023-50447
GHSA-3f63-hfp8-52jq
Arbitrary Code Execution in Pillow: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
10.2.0
Affected by 1 other vulnerability.
VCID-d7uf-zdbv-sba1
Aliases:
GHSA-56pw-mpj4-fxww
GMS-2023-3137
Duplicate: This advisory duplicates another.
10.0.1
Affected by 2 other vulnerabilities.
VCID-n1hp-atex-ubh4
Aliases:
BIT-pillow-2023-44271
CVE-2023-44271
GHSA-8ghj-p4vj-mr35
PYSEC-2023-227
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
10.0.0
Affected by 5 other vulnerabilities.
VCID-vdzj-kqfy-d3b7
Aliases:
CVE-2023-4863
GHSA-j7hp-h8jx-5ppr
libwebp: OOB write in BuildHuffmanTable. Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted HTML page.
10.0.1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-19e1-19hk-duet
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
BIT-pillow-2022-45198
CVE-2022-45198
GHSA-m2vv-5vj5-2hm7
PYSEC-2022-42979

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:55:08.464366+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.4.0
2026-04-16T22:48:14.675142+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.4.0
2026-04-16T22:42:30.369033+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.4.0
2026-04-16T22:40:03.262557+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.4.0
2026-04-16T22:37:53.647843+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.4.0
2026-04-16T22:15:17.898194+00:00 GitLab Importer Affected by VCID-4n96-uzyf-tud6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45199.yml 38.4.0
2026-04-16T22:15:17.611187+00:00 GitLab Importer Fixing VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.4.0
2026-04-16T02:52:39.930035+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.4.0
2026-04-12T00:13:40.539084+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.3.0
2026-04-12T00:08:03.111450+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.3.0
2026-04-12T00:02:01.719595+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.3.0
2026-04-11T23:59:30.703708+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.3.0
2026-04-11T23:57:13.148573+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.3.0
2026-04-11T23:32:25.580939+00:00 GitLab Importer Affected by VCID-4n96-uzyf-tud6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45199.yml 38.3.0
2026-04-11T23:32:25.270465+00:00 GitLab Importer Fixing VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.3.0
2026-04-11T14:21:24.145264+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.3.0
2026-04-03T00:19:58.625367+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.1.0
2026-04-03T00:12:42.494486+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.1.0
2026-04-03T00:05:02.811567+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.1.0
2026-04-03T00:02:34.332093+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.1.0
2026-04-03T00:00:15.711029+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.1.0
2026-04-02T23:37:34.842261+00:00 GitLab Importer Affected by VCID-4n96-uzyf-tud6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45199.yml 38.1.0
2026-04-02T23:37:34.560875+00:00 GitLab Importer Fixing VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.1.0
2026-04-02T15:02:52.166496+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.1.0
2026-04-01T17:59:47.815817+00:00 GitLab Importer Affected by VCID-4n96-uzyf-tud6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45199.yml 38.0.0
2026-04-01T17:59:47.522795+00:00 GitLab Importer Fixing VCID-19e1-19hk-duet https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45198.yml 38.0.0
2026-04-01T16:03:59.586631+00:00 GHSA Importer Affected by VCID-4n96-uzyf-tud6 https://github.com/advisories/GHSA-q4mp-jvh2-76fj 38.0.0
2026-04-01T16:03:59.559236+00:00 GHSA Importer Fixing VCID-19e1-19hk-duet https://github.com/advisories/GHSA-m2vv-5vj5-2hm7 38.0.0
2026-04-01T15:15:18.044579+00:00 PyPI Importer Affected by VCID-n1hp-atex-ubh4 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:14:49.790815+00:00 PyPI Importer Affected by VCID-5rv4-k1q9-zue2 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:13:28.127160+00:00 PyPI Importer Fixing VCID-19e1-19hk-duet https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:13:27.764714+00:00 PyPI Importer Affected by VCID-4n96-uzyf-tud6 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:07:06.596093+00:00 GithubOSV Importer Fixing VCID-19e1-19hk-duet https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-m2vv-5vj5-2hm7/GHSA-m2vv-5vj5-2hm7.json 38.0.0
2026-04-01T12:50:23.992433+00:00 Pypa Importer Affected by VCID-5rv4-k1q9-zue2 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-175.yaml 38.0.0
2026-04-01T12:48:57.501403+00:00 Pypa Importer Affected by VCID-n1hp-atex-ubh4 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-227.yaml 38.0.0
2026-04-01T12:47:56.016469+00:00 Pypa Importer Fixing VCID-19e1-19hk-duet https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2022-42979.yaml 38.0.0
2026-04-01T12:47:55.832397+00:00 Pypa Importer Affected by VCID-4n96-uzyf-tud6 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2022-42980.yaml 38.0.0