python-pillow pillow Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of python-pillow pillow's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High6

Medium8

Low9

49 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of python-pillow pillow's CVEs are currently listed in CISA's KEV catalog.

Public exploits

6 of python-pillow pillow's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every python-pillow pillow version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

1.265 CVEs
1.7.665 CVEs
1.7.765 CVEs
1.7.865 CVEs
1.064 CVEs
2.0.053 CVEs
2.1.046 CVEs
2.2.046 CVEs
2.2.146 CVEs
2.2.246 CVEs
2.3.046 CVEs
2.5.046 CVEs
2.6.045 CVEs
2.6.0-rc145 CVEs
2.7.045 CVEs
2.8.045 CVEs
2.8.145 CVEs
2.9.045 CVEs
2.9.0.dev045 CVEs
2.9.0.dev145 CVEs
2.9.0.dev245 CVEs
3.0.045 CVEs
3.1.045 CVEs
3.1.0-rc145 CVEs
3.2.041 CVEs
3.3.041 CVEs
3.3.141 CVEs
5.2.041 CVEs
5.3.041 CVEs
5.4.041 CVEs
6.0.041 CVEs
6.1.041 CVEs
4.3.040 CVEs
5.0.040 CVEs
5.1.040 CVEs
6.2.040 CVEs
3.4.039 CVEs
4.0.039 CVEs
4.0.0a39 CVEs
4.1.039 CVEs
4.2.039 CVEs
7.0.039 CVEs
7.1.034 CVEs
7.2.034 CVEs
8.0.034 CVEs
8.1.031 CVEs
8.2.018 CVEs
8.3.017 CVEs
8.4.016 CVEs
9.0.014 CVEs
9.1.07 CVEs
9.2.05 CVEs
9.3.04 CVEs
9.4.04 CVEs
9.5.04 CVEs
10.0.03 CVEs
10.1.03 CVEs
10.2.02 CVEs
10.3.02 CVEs
10.4.02 CVEs
11.0.02 CVEs
11.1.02 CVEs
11.2.12 CVEs
11.3.01 CVE
12.0.01 CVE
12.1.01 CVE
6.2.11 CVE
8.3.11 CVE

Fixed in

baea361b9a29e9a1dfa5a9b8e11bc9624a9cee4612 CVEs
741d8744a54bedbc49f16922c61a06fcb3681f538 CVEs
e0e353c0ef7516979a9aedce3792596649ce44336 CVEs
75af7e00db304ed34557c856c609d10ecf44d49c5 CVEs
a45c8583ff90312a2fddc38567ed736cef4af5635 CVEs
f0fe60ae9f930faeda2f0c22f602bed1f8a0f1c74 CVEs
fcc42e0d344146ee9d265d1f43c094ce5a0ec4cf3 CVEs
6deac9e3a23caffbfdd75c00d3f0a1cd36cdbd5d2 CVEs
82541b6dec8452cb612067fcebba1c5a1a2bfdc82 CVEs
11918eac0628ec8ac0812670d9838361ead2d6a41 CVE
1fe1bb49c452b0318cad12ea9d97c3bef188e9a7

Find a version

73 CVEs

Sort

Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)
CVE-2026-42311
Patch
CWE-190
High · CVSS 8.6
EPSS 0.0% (6th pct)2026-05-09
Pillow: PDF Parsing Trailer Infinite Loop (DoS)
CVE-2026-42310
Patch
CWE-835
Medium · CVSS 5.1
EPSS 0.0% (2th pct)2026-05-09
Pillow: Integer overflow when processing fonts
CVE-2026-42308
Patch
CWE-190
Medium · CVSS 5.1
EPSS 0.0% (3th pct)2026-05-09
Pillow: Heap buffer overflow with nested list coordinates
CVE-2026-42309
Patch
CWE-122
Medium · CVSS 5.1
EPSS 0.0% (3th pct)2026-05-09
Pillow is vulnerable to a FITS GZIP decompression bomb
CVE-2026-40192
Patch
CWE-770
High · CVSS 8.7
EPSS 0.0% (5th pct)2026-04-15
Pillow has an out-of-bounds write when loading PSD images
CVE-2026-25990
Patch
CWE-787
High · CVSS 8.6
EPSS 0.0% (3th pct)2026-02-11
Pillow Vulnerable to Write Buffer Overflow on BCn encoding
CVE-2025-48379
Patch
CWE-122
High · CVSS 7.1
EPSS 0.1% (28th pct)2025-07-01
Medium vulnerability · 2024-04-03
CVE-2024-28219
Patch
CWE-680
Medium · CVSS 6.7
EPSS 0.4% (58th pct)2024-04-03
High vulnerability · 2024-01-19
CVE-2023-50447
Patch
CWE-95
High · CVSS 8.1
EPSS 0.8% (74th pct)2024-01-19
Vulnerability · 2023-11-03
CVE-2023-44271
Patch
Unscored
EPSS 0.2% (47th pct)2023-11-03
Vulnerability · 2022-11-14
CVE-2022-45199
Patch
Unscored
EPSS 0.2% (36th pct)2022-11-14
Vulnerability · 2022-11-14
CVE-2022-45198
Patch
Unscored
EPSS 0.3% (57th pct)2022-11-14
Vulnerability · 2022-05-25
CVE-2022-30595
Patch
Unscored
EPSS 0.6% (70th pct)2022-05-25
Vulnerability · 2022-03-28
CVE-2022-24303
Patch
Unscored
EPSS 2.2% (85th pct)2022-03-28
Critical vulnerability · 2022-01-07
CVE-2022-22817
Patch
Critical · CVSS 9.8
EPSS 2.8% (86th pct)2022-01-07
Vulnerability · 2022-01-07
CVE-2022-22816
Patch
Unscored
EPSS 0.1% (33th pct)2022-01-07
Vulnerability · 2022-01-07
CVE-2022-22815
Patch
Unscored
EPSS 0.1% (26th pct)2022-01-07
High vulnerability · 2021-09-03
CVE-2021-23437
Patch
High · CVSS 7.5
EPSS 0.2% (46th pct)2021-09-03
Vulnerability · 2021-07-13
CVE-2021-34552
Patch
Unscored
EPSS 0.3% (57th pct)2021-07-13
Vulnerability · 2021-06-02
CVE-2021-28677
Patch
Unscored
EPSS 0.3% (52th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-28678
Patch
Unscored
EPSS 0.1% (29th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-25288
Patch
Unscored
EPSS 0.3% (50th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-25287
Patch
Unscored
EPSS 0.3% (57th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-28675
Patch
Unscored
EPSS 0.1% (34th pct)2021-06-02
Vulnerability · 2021-06-02
CVE-2021-28676
Patch
Unscored
EPSS 0.4% (61th pct)2021-06-02
Vulnerability · 2021-03-19
CVE-2021-25293
Patch
Unscored
EPSS 0.2% (38th pct)2021-03-19
Vulnerability · 2021-03-19
CVE-2021-25292
Patch
Unscored
EPSS 0.2% (40th pct)2021-03-19
Vulnerability · 2021-03-19
CVE-2021-25291
Patch
Unscored
EPSS 0.5% (68th pct)2021-03-19
Vulnerability · 2021-03-19
CVE-2021-25290
Patch
Unscored
EPSS 0.3% (50th pct)2021-03-19
Vulnerability · 2021-03-19
CVE-2021-25289
Patch
Unscored
EPSS 0.8% (74th pct)2021-03-19

Showing 30 of 73

Severity and exploitation

python-pillow pillow Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other python-pillow products

Frequently asked questions

How many CVEs does python-pillow pillow have?

How many python-pillow pillow CVEs are in CISA KEV?

Are there public exploits for python-pillow pillow vulnerabilities?

Which versions of python-pillow pillow are affected?

What are the most common weakness types in python-pillow pillow CVEs?

How many critical python-pillow pillow vulnerabilities are there?

What is the average severity of python-pillow pillow CVEs?

References

Track python-pillow pillow vulnerabilities