Vulnerabilities > Python
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-10 | CVE-2022-22815 | Improper Initialization vulnerability in multiple products. path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 6.5 |
2022-01-10 | CVE-2022-22816 | Out-of-bounds Read vulnerability in multiple products. path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. | 6.5 |
2022-01-10 | CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | 9.8 |
2021-10-18 | CVE-2021-42576 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 |
2021-09-03 | CVE-2021-23437 | Out-of-bounds Read vulnerability in multiple products. The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | 7.5 |
2021-07-13 | CVE-2021-34552 | Classic Buffer Overflow vulnerability in multiple products. Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | 9.8 |
2021-06-29 | CVE-2021-33503 | Resource Exhaustion vulnerability in multiple products. An issue was discovered in urllib3 before 1.26.5. | 7.5 |
2021-06-02 | CVE-2021-25287 | Out-of-bounds Read vulnerability in multiple products. An issue was discovered in Pillow before 8.2.0. | 9.1 |
2021-06-02 | CVE-2021-25288 | Out-of-bounds Read vulnerability in multiple products. An issue was discovered in Pillow before 8.2.0. | 9.1 |
2021-06-02 | CVE-2021-28676 | Infinite Loop vulnerability in multiple products. An issue was discovered in Pillow before 8.2.0. | 7.5 |