PyPI pillow Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting PyPI pillow, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every PyPI pillow version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

1.046 CVEs
1.146 CVEs
1.246 CVEs
1.346 CVEs
1.446 CVEs
1.546 CVEs
1.646 CVEs
1.7.046 CVEs
1.7.146 CVEs
1.7.246 CVEs
1.7.346 CVEs
1.7.446 CVEs
1.7.546 CVEs
1.7.646 CVEs
1.7.746 CVEs
1.7.846 CVEs
2.0.046 CVEs
2.1.046 CVEs
2.2.046 CVEs
2.2.146 CVEs
2.2.246 CVEs
2.3.046 CVEs
2.3.144 CVEs
2.5.044 CVEs
2.5.144 CVEs
2.3.243 CVEs
2.4.043 CVEs
2.5.243 CVEs
2.5.342 CVEs
2.6.042 CVEs
2.6.142 CVEs
2.6.242 CVEs
2.7.041 CVEs
2.8.041 CVEs
2.8.141 CVEs
2.8.241 CVEs
2.9.041 CVEs
3.0.041 CVEs
3.1.041 CVEs
3.1.0.rc141 CVEs
3.1.0rc141 CVEs
3.1.138 CVEs
3.1.237 CVEs
3.2.037 CVEs
3.3.037 CVEs
3.3.137 CVEs
4.3.036 CVEs
5.0.036 CVEs
5.1.036 CVEs
5.2.036 CVEs
5.3.036 CVEs
5.4.036 CVEs
5.4.0.dev036 CVEs
5.4.136 CVEs
6.0.036 CVEs
6.1.036 CVEs
3.3.235 CVEs
3.3.335 CVEs
3.4.035 CVEs
3.4.135 CVEs
3.4.235 CVEs
4.0.035 CVEs
4.1.035 CVEs
4.1.135 CVEs
4.2.035 CVEs
4.2.135 CVEs
6.2.035 CVEs
6.2.135 CVEs
6.2.230 CVEs
7.0.029 CVEs
7.1.025 CVEs
7.1.125 CVEs
7.1.225 CVEs
7.2.025 CVEs
8.0.025 CVEs
8.0.125 CVEs
8.1.022 CVEs
8.1.114 CVEs
8.1.214 CVEs
8.2.08 CVEs
8.3.07 CVEs
8.3.17 CVEs
8.3.26 CVEs
8.4.06 CVEs
9.0.03 CVEs
9.1.03 CVEs
9.0.12 CVEs
9.1.12 CVEs
9.2.02 CVEs
11.2.01 CVE
11.2.11 CVE
9.3.01 CVE
9.4.01 CVE
9.5.01 CVE

Fixed in

8.1.18 CVEs
8.2.06 CVEs
6.2.25 CVEs
7.1.04 CVEs
3.1.13 CVEs
8.1.03 CVEs
9.0.03 CVEs
2.3.12 CVEs
3.3.22 CVEs
4e9f367dfd3f04c8f5d23f7f759ec12782e10ee72 CVEs
10.0.01 CVE
11.3.01 CVE
11918eac0628ec8ac0812670d9838361ead2d6a41 CVE

Find a version

51 CVEs

Sort

Pillow Vulnerable to Write Buffer Overflow on BCn encoding
CVE-2025-48379
Patch
CWE-122
High · CVSS 7.1
EPSS 0.1% (28th pct)2025-07-01
Vulnerability · 2023-11-03
CVE-2023-44271
Patch
Unscored
EPSS 0.2% (47th pct)2023-11-03
Vulnerability · 2022-11-14
CVE-2022-45199
Patch
Unscored
EPSS 0.2% (36th pct)2022-11-14
Vulnerability · 2022-11-14
CVE-2022-45198
Patch
Unscored
EPSS 0.3% (57th pct)2022-11-14
Vulnerability · 2022-05-25
CVE-2022-30595
Patch
Unscored
EPSS 0.6% (70th pct)2022-05-25
Vulnerability · 2022-03-28
CVE-2022-24303
Patch
Unscored
EPSS 2.2% (85th pct)2022-03-28
Critical vulnerability · 2022-01-07
CVE-2022-22817
Patch
Critical · CVSS 9.8
EPSS 2.8% (86th pct)2022-01-07
Vulnerability · 2022-01-07
CVE-2022-22816
Patch
Unscored
EPSS 0.1% (33th pct)2022-01-07
Vulnerability · 2022-01-07
CVE-2022-22815
Patch
Unscored
EPSS 0.1% (26th pct)2022-01-07
High vulnerability · 2021-09-03
CVE-2021-23437
Patch
High · CVSS 7.5
EPSS 0.2% (46th pct)2021-09-03
Vulnerability · 2021-07-13
CVE-2021-34552
Patch
Unscored
EPSS 0.3% (57th pct)2021-07-13
Vulnerability · 2021-06-02
CVE-2021-28677
Patch
Unscored
EPSS 0.3% (52th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-28678
Patch
Unscored
EPSS 0.1% (29th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-25288
Patch
Unscored
EPSS 0.3% (50th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-25287
Patch
Unscored
EPSS 0.3% (57th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-28675
Patch
Unscored
EPSS 0.1% (34th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-28676
Patch
Unscored
EPSS 0.4% (61th pct)2021-06-02
Vulnerability · 2021-03-19
CVE-2021-25293
Patch
Unscored
EPSS 0.2% (38th pct)2021-03-19
Vulnerability · 2021-03-19
CVE-2021-25292
Patch
Unscored
EPSS 0.2% (40th pct)2021-03-19
Vulnerability · 2021-03-19
CVE-2021-25291
Patch
Unscored
EPSS 0.5% (68th pct)2021-03-19
Vulnerability · 2021-03-19
CVE-2021-25290
Patch
Unscored
EPSS 0.3% (50th pct)2021-03-19
Vulnerability · 2021-03-19
CVE-2021-25289
Patch
Unscored
EPSS 0.8% (74th pct)2021-03-19
Vulnerability · 2021-03-03
CVE-2021-27921
Patch
Unscored
EPSS 0.4% (63th pct)2021-03-03
Vulnerability · 2021-03-03
CVE-2021-27922
Patch
Unscored
EPSS 0.3% (55th pct)2021-03-03
Vulnerability · 2021-03-03
CVE-2021-27923
Patch
Unscored
EPSS 0.4% (63th pct)2021-03-03
Vulnerability · 2021-01-12
CVE-2020-35655
Patch
Unscored
EPSS 0.3% (51th pct)2021-01-12
Vulnerability · 2021-01-12
CVE-2020-35654
Patch
Unscored
EPSS 0.2% (42th pct)2021-01-12
Vulnerability · 2021-01-12
CVE-2020-35653
Patch
Unscored
EPSS 0.3% (53th pct)2021-01-12
Vulnerability · 2020-06-25
CVE-2020-10177
Patch
Unscored
EPSS 0.3% (55th pct)2020-06-25
Vulnerability · 2020-06-25
CVE-2020-11538
Patch
Unscored
EPSS 0.3% (50th pct)2020-06-25

Showing 30 of 51

PyPI pillow Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other PyPI products

Frequently asked questions

How many CVEs does PyPI pillow have?

How many PyPI pillow CVEs are in CISA KEV?

Are there public exploits for PyPI pillow vulnerabilities?

Which versions of PyPI pillow are affected?

What are the most common weakness types in PyPI pillow CVEs?

How many critical PyPI pillow vulnerabilities are there?

What is the average severity of PyPI pillow CVEs?

References

Track PyPI pillow vulnerabilities