Package Overview
Pillow is a widely used PyPI package. As of 2026-05-24, there are 118 known vulnerabilities in the OSV database. The latest stable version is 12.2.0. Developers should audit their dependency trees and update to patched versions.
Known Vulnerabilities (118)
| ID | Severity | Score | Affected Versions | Fixed In | Description |
|---|---|---|---|---|---|
| CVE-2023-50447 | CRITICAL | 9.5 | 0 to 10.2.0 | 10.2.0 | Arbitrary Code Execution in Pillow |
| CVE-2020-11538 | CRITICAL | 9.5 | 0 to 7.1.0 | 7.1.0 | Out-of-bounds read in Pillow |
| CVE-2021-25289 | CRITICAL | 9.5 | 0 to 8.1.1 | 8.1.1 | Out of bounds write in Pillow |
| CVE-2021-34552 | CRITICAL | 9.5 | 0 to 8.3.0 | 8.3.0 | Buffer Overflow in Pillow |
| CVE-2014-3007 | CRITICAL | 9.5 | 0 to 2.5.0 | 2.5.0 | Pillow command injection |
| CVE-2022-22817 | CRITICAL | 9.5 | 0 to 9.0.1 | 9.0.1 | Arbitrary expression injection in Pillow |
| CVE-2016-4009 | CRITICAL | 9.5 | 0 to 3.1.1 | 3.1.1 | Pillow Integer overflow in ImagingResampleHorizontal |
| CVE-2020-5312 | CRITICAL | 9.5 | 0 to 6.2.2 | 6.2.2 | PCX P mode buffer overflow in Pillow |
| CVE-2020-5311 | CRITICAL | 9.5 | 0 to 6.2.2 | 6.2.2 | Buffer Copy without Checking Size of Input in Pillow |
| CVE-2020-5310 | CRITICAL | 9.5 | 0 to 6.2.2 | 6.2.2 | Integer overflow in Pillow |
| CVE-2016-2533 | HIGH | 7.5 | 0 to 3.1.1 | 3.1.1 | Pillow buffer overflow in ImagingPcdDecode |
| CVE-2021-27922 | HIGH | 7.5 | 0 to 8.1.2 | 8.1.2 | Pillow Uncontrolled Resource Consumption |
| CVE-2020-10378 | HIGH | 7.5 | 0 to 7.1.0 | 7.1.0 | Out-of-bounds read in Pillow |
| CVE-2024-28219 | HIGH | 7.5 | 0 to 10.3.0 | 10.3.0 | Pillow buffer overflow vulnerability |
| CVE-2019-19911 | HIGH | 7.5 | 0 to 6.2.2 | 6.2.2 | Uncontrolled Resource Consumption in Pillow |
| CVE-2021-25287 | HIGH | 7.5 | 2.4.0 to 8.2.0 | 8.2.0 | Out-of-bounds Read in Pillow |
| CVE-2021-28676 | HIGH | 7.5 | 0 to 8.2.0 | 8.2.0 | Potential infinite loop in Pillow |
| CVE-2020-10379 | HIGH | 7.5 | 0 to 7.1.0 | 7.1.0 | Buffer overflow in Pillow |
| CVE-2023-44271 | HIGH | 7.5 | 0 to 10.0.0 | 10.0.0 | Pillow Denial of Service vulnerability |
| CVE-2021-25290 | HIGH | 7.5 | 0 to 8.1.1 | 8.1.1 | Out-of-bounds Write in Pillow |
| CVE-2016-0775 | HIGH | 7.5 | 0 to 3.1.1 | 3.1.1 | Pillow Buffer overflow in ImagingFliDecode |
| CVE-2021-27923 | HIGH | 7.5 | 0 to 8.1.2 | 8.1.2 | Pillow Denial of Service by Uncontrolled Resource Consumption |
| CVE-2021-23437 | HIGH | 7.5 | 5.2.0 to 8.3.2 | 8.3.2 | Uncontrolled Resource Consumption in pillow |
| CVE-2022-24303 | HIGH | 7.5 | 0 to 9.0.1 | 9.0.1 | Path traversal in Pillow |
| CVE-2026-25990 | HIGH | 7.5 | 10.3.0 to 12.1.1 | 12.1.1 | Pillow affected by out-of-bounds write when loading PSD images |
| CVE-2014-3589 | HIGH | 7.5 | 0 to 2.3.2; 2.5 to 2.5.2 | 2.3.2 | Pillow denial of service via Crafted Block Size |
| CVE-2020-10177 | HIGH | 7.5 | 0 to 7.1.0 | 7.1.0 | Out-of-bounds reads in Pillow |
| CVE-2021-27921 | HIGH | 7.5 | 0 to 8.1.2 | 8.1.2 | Pillow Denial of Service by Uncontrolled Resource Consumption |
| CVE-2020-35653 | HIGH | 7.5 | 0 to 8.1.0 | 8.1.0 | Pillow Out-of-bounds Read |
| CVE-2021-28675 | HIGH | 7.5 | 0 to 8.2.0 | 8.2.0 | Pillow denial of service |
| CVE-2014-9601 | HIGH | 7.5 | 0 to 2.7.0 | 2.7.0 | Pillow denial of service via PNG bomb |
| CVE-2020-5313 | HIGH | 7.5 | 0 to 6.2.2 | 6.2.2 | Out-of-bounds Read in Pillow |
| CVE-2022-30595 | HIGH | 7.5 | 9.1.0 to 9.1.1 | 9.1.1 | Buffer overflow in Pillow |
| CVE-2014-3598 | HIGH | 7.5 | 0 to 2.5.3 | 2.5.3 | Pillow is vulnerable to Denial of Service (DoS) in the Jpeg2KImagePlugin |
| CVE-2023-4863 | HIGH | 7.5 | 0 to 0.1.8; 0 to 0.9.3; 22.0.0 to 22.3.24; 24.0.0 to 24.8.3; 25.0.0 to 25.8.1; 26.0.0 to 26.2.1; 27.0.0-beta.1 to 27.0.0-beta.2; 2.0.0 to 2.88.6; 1.1.2 to 1.4.0; 0 to 10.0.1; 0 to 0.2.6; 0 to 13.3.0; 0 to 13.3.0; 0 to 13.3.0; 0 to 13.3.0; 0 to 13.3.0; 0 to 13.3.0; 0 to 0.0.0-20250406010349-76805d5a8860; 0.0.0 to 1.1.2-0.20250406010349-76805d5a8860 | 0.1.8 | libwebp: OOB write in BuildHuffmanTable |
| CVE-2019-16865 | HIGH | 7.5 | 0 to 6.2.0 | 6.2.0 | DoS attack in Pillow when processing specially crafted image files |
| CVE-2022-45198 | HIGH | 7.5 | 0 to 9.2.0 | 9.2.0 | Pillow vulnerable to Data Amplification attack. |
| CVE-2021-25291 | HIGH | 7.5 | 0 to 8.2.0 | 8.2.0 | Out of bounds read in Pillow |
| CVE-2021-25293 | HIGH | 7.5 | 4.3.0 to 8.1.1 | 8.1.1 | Out of bounds read in Pillow |
| CVE-2026-42311 | HIGH | 7.5 | 10.3.0 to 12.2.0 | 12.2.0 | Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow) |
| CVE-2022-45199 | HIGH | 7.5 | 9.2.0 to 9.3.0 | 9.3.0 | Pillow subject to DoS via SAMPLESPERPIXEL tag |
| CVE-2021-28677 | HIGH | 7.5 | 0 to 8.2.0 | 8.2.0 | Uncontrolled Resource Consumption in Pillow |
| CVE-2021-25288 | HIGH | 7.5 | 2.4.0 to 8.2.0 | 8.2.0 | Pillow Out-of-bounds Read vulnerability |
| CVE-2016-3076 | HIGH | 7.5 | 2.5.0 to 3.1.2 | 3.1.2 | Pillow Buffer overflow in Jpeg2KEncode.c |
| CVE-2020-10994 | HIGH | 7.5 | 0 to 7.1.0 | 7.1.0 | Out-of-bounds reads in Pillow |
| CVE-2020-35654 | HIGH | 7.5 | 0 to 8.1.0 | 8.1.0 | Pillow Out-of-bounds Write |
| CVE-2016-9190 | HIGH | 7.5 | 0 to 3.3.2 | 3.3.2 | Arbitrary code using "crafted image file" approach affecting Pillow |
| CVE-2026-40192 | HIGH | 7.5 | 10.3.0 to 12.2.0 | 12.2.0 | FITS GZIP decompression bomb in Pillow |
| CVE-2014-1932 | HIGH | 7.5 | 0 to 2.3.1 | 2.3.1 | PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles |
| CVE-2025-48379 | HIGH | 7.5 | 11.2.0 to 11.3.0 | 11.3.0 | Pillow vulnerability can cause write buffer overflow on BCn encoding |
| CVE-2026-42309 | MODERATE | 5.0 | 11.2.1 to 12.2.0 | 12.2.0 | Pillow has a heap buffer overflow with nested list coordinates |
| CVE-2021-25292 | MODERATE | 5.0 | 5.1.0 to 8.1.1 | 8.1.1 | Regular Expression Denial of Service (ReDoS) in Pillow |
| CVE-2020-35655 | MODERATE | 5.0 | 4.3.0 to 8.1.0 | 8.1.0 | Pillow Out-of-bounds Read |
| CVE-2016-0740 | MODERATE | 5.0 | 0 to 3.1.1 | 3.1.1 | Pillow Buffer overflow in ImagingLibTiffDecode |
| CVE-2021-28678 | MODERATE | 5.0 | 5.1.0 to 8.2.0 | 8.2.0 | Insufficient Verification of Data Authenticity in Pillow |
| GHSA-jgpv-4h4c-xhw3 | MODERATE | 5.0 | 0 to 8.1.2 | 8.1.2 | Uncontrolled Resource Consumption in pillow |
| CVE-2022-22815 | MODERATE | 5.0 | 0 to 9.0.0 | 9.0.0 | Improper Initialization in Pillow |
| CVE-2026-42310 | MODERATE | 5.0 | 4.2.0 to 12.2.0 | 12.2.0 | Pillow has a PDF Parsing Trailer Infinite Loop (DoS) |
| CVE-2014-1933 | MODERATE | 5.0 | 0 to 2.3.1 | 2.3.1 | Pillow Temporary file name leakage |
| CVE-2016-9189 | MODERATE | 5.0 | 0 to 3.3.2 | 3.3.2 | Pillow Integer overflow in Map.c |
| CVE-2026-42308 | MODERATE | 5.0 | 0 to 12.2.0 | 12.2.0 | Pillow has an integer overflow when processing fonts |
| CVE-2022-22816 | MODERATE | 5.0 | 0 to 9.0.0 | 9.0.0 | Out-of-bounds Read in Pillow |
| GHSA-4fx9-vc88-q2xc | LOW | 2.5 | 0 to 9.0.0 | 9.0.0 | Infinite loop in Pillow |
| OSV-2022-1074 | UNKNOWN | - | bb2016794f1f9bf9e4726727080e1beb789823fb to f7363c1091c70356d92e56abfca6b65bef9e7b26 | f7363c1091c70356d92e56abfca6b65bef9e7b26 | Invalid-free in _dealloc |
| OSV-2022-715 | UNKNOWN | - | c58d2817bc891c26e6b8098b8909c0eb2e7ce61b to 9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8 | 9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8 | Segv on unknown address in jpeg_read_scanlines |
| CVE-2014-3589 | UNKNOWN | - | 0 to 205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d; 2.5 to 2.5.2 | 205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. |
| CVE-2014-1932 | UNKNOWN | - | 0 to 4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7; 0 to 2.3.1 | 4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7 | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (P |
| CVE-2014-1933 | UNKNOWN | - | 0 to 4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7; 0 to 2.3.1 | 4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7 | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes |
| CVE-2014-3007 | UNKNOWN | - | 0 to 2.5.0 | 2.5.0 | Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibl |
| CVE-2014-3598 | UNKNOWN | - | 0 to 2.5.3 | 2.5.3 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. |
| CVE-2014-9601 | UNKNOWN | - | 0 to 2.7.0 | 2.7.0 | Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. |
| CVE-2016-2533 | UNKNOWN | - | 0 to ae453aa18b66af54e7ff716f4ccb33adca60afd4; 0 to 3.1.1 | 5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9 | Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) v |
| CVE-2016-0740 | UNKNOWN | - | 0 to 6dcbf5bd96b717c58d7b642949da8d323099928e; 0 to 3.1.1 | 6dcbf5bd96b717c58d7b642949da8d323099928e | Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. |
| CVE-2016-0775 | UNKNOWN | - | 0 to 893a40850c2d5da41537958e40569c029a6e127b; 0 to 3.1.1 | 893a40850c2d5da41537958e40569c029a6e127b | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. |
| CVE-2016-4009 | UNKNOWN | - | 0 to 4e0d9b0b9740d258ade40cce248c93777362ac1e; 0 to 3.1.1 | 4e0d9b0b9740d258ade40cce248c93777362ac1e | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which |
| CVE-2016-9189 | UNKNOWN | - | 0 to 3.3.2 | 3.3.2 | Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_b |
| CVE-2016-9190 | UNKNOWN | - | 0 to 3.3.2 | 3.3.2 | Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in S |
| CVE-2016-3076 | UNKNOWN | - | 2.5.0 to 3.1.2 | 3.1.2 | Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. |
| CVE-2019-16865 | UNKNOWN | - | 0 to 6.2.0 | 6.2.0 | An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of tim |
| CVE-2019-19911 | UNKNOWN | - | 0 to 6.2.2 | 6.2.2 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit P |
| CVE-2020-10177 | UNKNOWN | - | 0 to 7.1.0 | 7.1.0 | Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. |
| CVE-2020-10378 | UNKNOWN | - | 0 to 6a83e4324738bb0452fbe8074a995b1c73f08de7; 0 to 7.1.0 | 6a83e4324738bb0452fbe8074a995b1c73f08de7 | In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. |
| CVE-2020-10379 | UNKNOWN | - | 0 to 46f4a349b88915787fea3fb91348bb1665831bbb; 0 to 7.1.0 | 46f4a349b88915787fea3fb91348bb1665831bbb | In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. |
| CVE-2020-10994 | UNKNOWN | - | 0 to 7.0.0 | 7.0.0 | In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. |
| CVE-2020-11538 | UNKNOWN | - | 0 to 7.1.0 | 7.1.0 | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. |
| CVE-2020-5310 | UNKNOWN | - | 0 to 4e2def2539ec13e53a82e06c4b3daf00454100c4; 0 to 6.2.2 | 4e2def2539ec13e53a82e06c4b3daf00454100c4 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. |
| CVE-2020-5311 | UNKNOWN | - | 0 to a79b65c47c7dc6fe623aadf09aa6192fc54548f3; 0 to 6.2.2 | a79b65c47c7dc6fe623aadf09aa6192fc54548f3 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. |
| CVE-2020-5312 | UNKNOWN | - | 0 to 93b22b846e0269ee9594ff71a72bec02d2bea8fd; 0 to 6.2.2 | 93b22b846e0269ee9594ff71a72bec02d2bea8fd | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. |
| CVE-2020-5313 | UNKNOWN | - | 0 to a09acd0decd8a87ccce939d5ff65dab59e7d365b; 0 to 6.2.2 | a09acd0decd8a87ccce939d5ff65dab59e7d365b | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. |
| CVE-2021-25287 | UNKNOWN | - | 0 to 8.2.0 | 8.2.0 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. |
| CVE-2021-25288 | UNKNOWN | - | 0 to 8.2.0 | 8.2.0 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. |
| CVE-2021-28675 | UNKNOWN | - | 0 to 8.2.0 | 8.2.0 | An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Imag |
| CVE-2021-23437 | UNKNOWN | - | 0 to 9e08eb8f78fdfd2f476e1b20b7cf38683754866b; 0 to 8.3.2 | 9e08eb8f78fdfd2f476e1b20b7cf38683754866b | The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. |
| CVE-2021-34552 | UNKNOWN | - | 0 to 8.3.0 | 8.3.0 | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. |
| CVE-2021-25289 | UNKNOWN | - | 0 to 8.1.1 | 8.1.1 | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOT |
| CVE-2021-25290 | UNKNOWN | - | 0 to 8.1.1 | 8.1.1 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. |
| CVE-2021-25291 | UNKNOWN | - | 0 to 8.1.1 | 8.1.1 | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. |
| CVE-2021-25292 | UNKNOWN | - | 0 to 8.1.1 | 8.1.1 | An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. |
| CVE-2021-25293 | UNKNOWN | - | 0 to 8.1.1 | 8.1.1 | An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. |
| CVE-2021-27921 | UNKNOWN | - | 0 to 8.1.1 | 8.1.1 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted |
| CVE-2021-27922 | UNKNOWN | - | 0 to 8.1.1 | 8.1.1 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempt |
| CVE-2021-27923 | UNKNOWN | - | 0 to 8.1.1 | 8.1.1 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempte |
| CVE-2020-35653 | UNKNOWN | - | 0 to 8.1.0 | 8.1.0 | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. |
| CVE-2020-35654 | UNKNOWN | - | 0 to 8.1.0 | 8.1.0 | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. |
| CVE-2020-35655 | UNKNOWN | - | 4.3.0 to 8.1.0 | 8.1.0 | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. |
| CVE-2021-28676 | UNKNOWN | - | 0 to 8.2.0 | 8.2.0 | An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. |
| CVE-2021-28677 | UNKNOWN | - | 0 to 8.2.0 | 8.2.0 | An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally qu |
| CVE-2021-28678 | UNKNOWN | - | 0 to 8.2.0 | 8.2.0 | An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder |
| CVE-2022-22817 | UNKNOWN | - | 0 to 9.0.0 | 9.0.0 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. |
| CVE-2022-24303 | UNKNOWN | - | 0 to 9.0.1 | 9.0.1 | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. |
| CVE-2022-45198 | UNKNOWN | - | 0 to 11918eac0628ec8ac0812670d9838361ead2d6a4; 0 to 9.2.0 | 11918eac0628ec8ac0812670d9838361ead2d6a4 | Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). |
| CVE-2022-45199 | UNKNOWN | - | 0 to 2444cddab2f83f28687c7c20871574acbb6dbcf3; 9.2.0 to 9.3.0 | 2444cddab2f83f28687c7c20871574acbb6dbcf3 | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. |
| CVE-2022-30595 | UNKNOWN | - | 9.1.0 to 9.1.1 | 9.1.1 | libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. |
| CVE-2022-22815 | UNKNOWN | - | 0 to 9.0.0 | 9.0.0 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. |
| CVE-2022-22816 | UNKNOWN | - | 0 to 9.0.0 | 9.0.0 | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. |
| PYSEC-2023-175 | UNKNOWN | - | 0 to 10.0.1 | 10.0.1 | Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2. |
| CVE-2023-44271 | UNKNOWN | - | 0 to 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7; 0 to 10.0.0 | 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of |
| CVE-2025-48379 | UNKNOWN | - | 0 to ef98b3510e3e4f14b547762764813d7e5ca3c5a4; 11.2.0 to 11.3.0 | 89f1f4626a2aaf5f3d5ca6437f41def2998fbe09 | Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format |
Security Recommendations
- Pin Pillow to the latest stable version (12.2.0) in your dependency manifest
- Enable automated dependency updates with Dependabot or Renovate
- Run regular vulnerability scans using `pip-audit`
- Review your lock file (requirements.txt) after every update
- Monitor the OSV database and NIST NVD for new advisories
FAQ
Is Pillow safe to use?
Pillow is actively maintained and widely used. As of 2026-05-24, there are 118 known vulnerabilities listed in the OSV database. Most have patches available. Keeping your dependencies updated and running regular security audits significantly reduces risk.
What vulnerabilities does Pillow have?
The OSV database currently lists 118 vulnerabilities for Pillow. These range in severity and are detailed in the vulnerability table above. Note that the count is per advisory record, so the same CVE can appear more than once when it is tracked by more than one advisory source (for example CVE-2014-3589, which is listed twice above). Check the linked advisories for full technical details and remediation guidance.
How do I update Pillow to fix vulnerabilities?
Run `pip install --upgrade pillow` to get the newest version. Use `pip-audit` or `safety check` to scan for known vulnerabilities. Pin your dependencies with a requirements file and review updates regularly.
Using AI-Generated Code with Pillow?
Our vibe coding security audit checks for misconfigurations, exposed secrets and vulnerable dependencies in AI-generated codebases. If your project uses Pillow, we can verify it is locked to a safe version and properly configured.