CVE-2016-3076

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a…

CVE-2017-5992

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. (CVSS:5.8) (Last Update:2017-02-17)

CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS…

CVE-2016-9190

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the “crafted image file” approach, related to an “Insecure Sign Extension” issue affecting…

CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the “crafted image file” approach, related to an “Integer Overflow” issue affecting the…