2023-08-22 | CVE-2022-48565 | XXE vulnerability in multiple products: An XML External Entity (XXE) issue was discovered in Python through 3.9.1. | 9.8 |
2022-10-21 | CVE-2022-37454 | Integer Overflow or Wraparound vulnerability in multiple products: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. | 9.8 |
2022-05-25 | CVE-2022-30595 | Out-of-bounds Write vulnerability in Python Pillow 9.1.0: libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. | 9.8 |
2022-05-08 | CVE-2022-28470 | Unspecified vulnerability in Python Pypi: marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. | 9.8 |
2022-03-28 | CVE-2022-24303 | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | 9.1 |
2022-01-10 | CVE-2022-22817 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. | 9.8 |
2021-10-18 | CVE-2021-42576 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 |
2021-07-13 | CVE-2021-34552 | Classic Buffer Overflow vulnerability in multiple products: Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | 9.8 |
2021-06-02 | CVE-2021-25287 | Out-of-bounds Read vulnerability in multiple products: An issue was discovered in Pillow before 8.2.0. | 9.1 |
2021-06-02 | CVE-2021-25288 | Out-of-bounds Read vulnerability in multiple products: An issue was discovered in Pillow before 8.2.0. | 9.1 |