GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Pillow buffer overflow vulnerability
Moderate
CVE-2024-28219
was published
for
pillow
(pip)
Apr 3, 2024
Pillow Denial of Service vulnerability
High
CVE-2023-44271
was published
for
pillow
(pip)
Nov 3, 2023
Bundled libwebp in Pillow vulnerable
High
GHSA-56pw-mpj4-fxww
was published
for
pillow
(pip)
Oct 5, 2023
pretix allows Pillow to parse EPS files
High
CVE-2023-44464
was published
for
pretix
(pip)
Sep 29, 2023
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
Pillow vulnerable to Data Amplification attack.
High
CVE-2022-45198
was published
for
pillow
(pip)
Nov 14, 2022
Pillow subject to DoS via SAMPLESPERPIXEL tag
High
CVE-2022-45199
was published
for
pillow
(pip)
Nov 14, 2022
Buffer Copy without Checking Size of Input in Pillow
Critical
CVE-2020-5311
was published
for
pillow
(pip)
May 24, 2022
Pillow Buffer overflow in Jpeg2KEncode.c
Moderate
CVE-2016-3076
was published
for
pillow
(pip)
May 17, 2022
PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles
Moderate
CVE-2014-1932
was published
for
pillow
(pip)
May 17, 2022
Pillow denial of service via PNG bomb
Moderate
CVE-2014-9601
was published
for
pillow
(pip)
May 14, 2022
Pillow denial of service via Crafted Block Size
Moderate
CVE-2014-3589
was published
for
pillow
(pip)
May 14, 2022
Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin
Moderate
CVE-2014-3598
was published
for
pillow
(pip)
May 14, 2022
Improper Initialization in Pillow
Moderate
CVE-2022-22815
was published
for
Pillow
(pip)
Jan 12, 2022
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
ProTip!
Advisories are also available from the
GraphQL API