Package details: pkg:pypi/pillow@9.3.0
purl pkg:pypi/pillow@9.3.0
Next non-vulnerable version 12.1.1
Latest non-vulnerable version 12.2.0
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-5rv4-k1q9-zue2
Aliases:
PYSEC-2023-175
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
10.0.1
Affected by 2 other vulnerabilities.
VCID-64n5-pugj-vue8
Aliases:
CVE-2024-28219
GHSA-44wm-f244-xhp3
Pillow buffer overflow vulnerability. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
10.3.0
Affected by 2 other vulnerabilities.
VCID-9ckw-ra54-z3b7
Aliases:
CVE-2023-50447
GHSA-3f63-hfp8-52jq
Arbitrary Code Execution in Pillow. Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
10.2.0
Affected by 1 other vulnerability.
VCID-d7uf-zdbv-sba1
Aliases:
GHSA-56pw-mpj4-fxww
GMS-2023-3137
Duplicate. This advisory duplicates another.
10.0.1
Affected by 2 other vulnerabilities.
VCID-n1hp-atex-ubh4
Aliases:
BIT-pillow-2023-44271
CVE-2023-44271
GHSA-8ghj-p4vj-mr35
PYSEC-2023-227
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
10.0.0
Affected by 5 other vulnerabilities.
VCID-vdzj-kqfy-d3b7
Aliases:
CVE-2023-4863
GHSA-j7hp-h8jx-5ppr
libwebp: OOB write in BuildHuffmanTable. Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted HTML page.
10.0.1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-4n96-uzyf-tud6
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Aliases:
BIT-pillow-2022-45199
CVE-2022-45199
GHSA-q4mp-jvh2-76fj
PYSEC-2022-42980

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:55:08.467876+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.4.0
2026-04-16T22:48:14.678620+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.4.0
2026-04-16T22:42:30.372611+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.4.0
2026-04-16T22:40:03.266117+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.4.0
2026-04-16T22:37:53.651353+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.4.0
2026-04-16T22:15:17.901515+00:00 GitLab Importer Fixing VCID-4n96-uzyf-tud6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45199.yml 38.4.0
2026-04-16T02:52:39.933514+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.4.0
2026-04-12T00:13:40.542748+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.3.0
2026-04-12T00:08:03.115066+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.3.0
2026-04-12T00:02:01.723392+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.3.0
2026-04-11T23:59:30.707232+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.3.0
2026-04-11T23:57:13.152337+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.3.0
2026-04-11T23:32:25.584605+00:00 GitLab Importer Fixing VCID-4n96-uzyf-tud6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45199.yml 38.3.0
2026-04-11T14:21:24.148868+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.3.0
2026-04-03T00:19:58.629144+00:00 GitLab Importer Affected by VCID-64n5-pugj-vue8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2024-28219.yml 38.1.0
2026-04-03T00:12:42.498291+00:00 GitLab Importer Affected by VCID-9ckw-ra54-z3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-50447.yml 38.1.0
2026-04-03T00:05:02.814908+00:00 GitLab Importer Affected by VCID-n1hp-atex-ubh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-44271.yml 38.1.0
2026-04-03T00:02:34.335745+00:00 GitLab Importer Affected by VCID-d7uf-zdbv-sba1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/GHSA-56pw-mpj4-fxww.yml 38.1.0
2026-04-03T00:00:15.714209+00:00 GitLab Importer Affected by VCID-vdzj-kqfy-d3b7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2023-4863.yml 38.1.0
2026-04-02T23:37:34.845842+00:00 GitLab Importer Fixing VCID-4n96-uzyf-tud6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45199.yml 38.1.0
2026-04-02T15:02:52.170191+00:00 GHSA Importer Affected by VCID-vdzj-kqfy-d3b7 https://github.com/advisories/GHSA-j7hp-h8jx-5ppr 38.1.0
2026-04-01T17:59:47.819169+00:00 GitLab Importer Fixing VCID-4n96-uzyf-tud6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pillow/CVE-2022-45199.yml 38.0.0
2026-04-01T16:03:59.589841+00:00 GHSA Importer Fixing VCID-4n96-uzyf-tud6 https://github.com/advisories/GHSA-q4mp-jvh2-76fj 38.0.0
2026-04-01T15:15:18.047884+00:00 PyPI Importer Affected by VCID-n1hp-atex-ubh4 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:14:49.794265+00:00 PyPI Importer Affected by VCID-5rv4-k1q9-zue2 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:13:27.768666+00:00 PyPI Importer Fixing VCID-4n96-uzyf-tud6 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:07:08.081895+00:00 GithubOSV Importer Fixing VCID-4n96-uzyf-tud6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-q4mp-jvh2-76fj/GHSA-q4mp-jvh2-76fj.json 38.0.0
2026-04-01T12:50:23.994429+00:00 Pypa Importer Affected by VCID-5rv4-k1q9-zue2 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-175.yaml 38.0.0
2026-04-01T12:48:57.503359+00:00 Pypa Importer Affected by VCID-n1hp-atex-ubh4 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2023-227.yaml 38.0.0
2026-04-01T12:47:55.834373+00:00 Pypa Importer Fixing VCID-4n96-uzyf-tud6 https://github.com/pypa/advisory-database/blob/main/vulns/pillow/PYSEC-2022-42980.yaml 38.0.0