Is Pillow safe to use?

Pillow has 3 known vulnerabilities on the latest version (12.2.0). DepScope rates its health at 88/100 (low risk).

What is the latest version of Pillow?

The latest version of Pillow is 12.2.0, released 2026-04-01.

Does Pillow have known vulnerabilities?

Yes. Pillow has 3 known vulnerabilities. See depscope.dev/pkg/pypi/Pillow for details.

Is Pillow deprecated?

No, Pillow is actively maintained. Latest release: 12.2.0 (2026-04-01).

What are alternatives to Pillow?

Popular alternatives to Pillow in PyPI include: boto3, packaging, idna, urllib3, typing-extensions.

What license does Pillow use?

Pillow is licensed under MIT-CMU.

Pillow

pypiv12.2.0

Python Imaging Library (fork)

License MIT-CMU106 versions26 deps104,037,854 weekly dl

python-pillow/Pillow

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8 to fix known vulnerabilities

1 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

20/20

popularity

20/25

security

15/15

maturity

8/15

community

Vulnerabilities

1 high2 low

Advisories (3)

Severity	ID	Summary	Fixed in
high	A-299477569	libwebp: OOB write in BuildHuffmanTable	1.1.2-0.20250406010349-76805d5a8860
unknown	OSV-2022-1074	Invalid-free in _dealloc	f7363c1091c70356d92e56abfca6b65bef9e7b26
unknown	OSV-2022-715	Segv on unknown address in jpeg_read_scanlines	9887544fafcd13cc8afcfa0c6d0f2e6facc1a8b8

OSS Scorecard

OpenSSF security posture score

7.8/10

strong

Maintainer trust

Active maintainers (3m)

6

Contributors (12m)

6

Primary author dominance

45%

GitHub stars

13,528

Quality signals

OSS Criticality

0.53high

Download trend

stable(+0.2%)

Publish security

API token

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/Pillow