To report sensitive vulnerability information, report it privately on GitHub.
If you cannot use GitHub, use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
DO NOT report sensitive vulnerability information in public.
Security: python-pillow/Pillow
Security
.github/SECURITY.md
-
Out-of-bounds write when loading PSD imagesGHSA-cfh3-3jmp-rvhc published
Feb 11, 2026 by radarhereHigh -
Write buffer overflow on BCn encodingGHSA-xg8h-j46f-w952 published
Jul 1, 2025 by radarhereHigh
Learn more about advisories related to python-pillow/Pillow in the GitHub Advisory Database