{"package":"Pillow","ecosystem":"pypi","latest_version":"12.2.0","description":"Python Imaging Library (fork)","license":"MIT-CMU","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://pypi.org/project/pillow/","repository":"https://github.com/python-pillow/Pillow","downloads_weekly":98483195,"health":{"score":93,"risk":"low","breakdown":{"maintenance":25,"popularity":20,"security":25,"maturity":15,"community":8,"popularity_floor":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"12.2.0","total_count":106,"recent":["9.1.0","9.1.1","9.2.0","9.3.0","9.4.0","9.5.0","10.0.0","10.0.1","10.1.0","10.2.0","10.3.0","10.4.0","11.0.0","11.1.0","11.2.1","11.3.0","12.0.0","12.1.0","12.1.1","12.2.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-04-01T14:42:15.402392Z","dependencies_count":26,"dependencies":["furo; extra == \"docs\"","olefile; extra == \"docs\"","sphinx>=8.2; extra == \"docs\"","sphinx-autobuild; extra == \"docs\"","sphinx-copybutton; extra == \"docs\"","sphinx-inline-tabs; extra == \"docs\"","sphinxext-opengraph; extra == \"docs\"","olefile; extra == \"fpx\"","olefile; extra == \"mic\"","arro3-compute; extra == \"test-arrow\"","arro3-core; extra == \"test-arrow\"","nanoarrow; extra == \"test-arrow\"","pyarrow; extra == \"test-arrow\"","check-manifest; extra == \"tests\"","coverage>=7.4.2; extra == \"tests\"","defusedxml; extra == \"tests\"","markdown2; extra == \"tests\"","olefile; extra == \"tests\"","packaging; extra == \"tests\"","pyroma>=5; extra == \"tests\"","pytest; extra == \"tests\"","pytest-cov; extra == \"tests\"","pytest-timeout; extra == \"tests\"","pytest-xdist; extra == \"tests\"","trove-classifiers>=2024.10.12; extra == \"tests\"","defusedxml; extra == \"xmp\""]},"github_stats":{"stars":13587,"forks":2447,"open_issues":133,"is_archived":false,"pushed_at":"2026-05-30T13:47:42Z","subscribers_count":219},"bundle":null,"typescript":null,"known_issues":{"bugs_count":96,"bugs_severity":{"high":29,"medium":56,"low":1,"critical":10},"status_breakdown":{"fixed":96},"link":"/api/bugs/pypi/Pillow?version=12.2.0","scope":"version","details":[{"title":"PIL and Pillow Vulnerable to Symlink Attack on Tmpfiles","severity":"high","status":"fixed","affected_version":null,"fixed_version":"2.3.1","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1932"},{"title":"Arbitrary code using \"crafted image file\" approach affecting Pillow","severity":"high","status":"fixed","affected_version":null,"fixed_version":"3.3.2","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9190"},{"title":"Pillow Out-of-bounds Write","severity":"high","status":"fixed","affected_version":null,"fixed_version":"8.1.0","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35654"},{"title":"Out-of-bounds reads in Pillow","severity":"high","status":"fixed","affected_version":null,"fixed_version":"7.1.0","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10994"},{"title":"Uncontrolled Resource Consumption in Pillow","severity":"high","status":"fixed","affected_version":null,"fixed_version":"8.2.0","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28677"}]},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"12.2.0","version_hint":null,"summary":"Pillow@12.2.0 is safe to use (health: 93/100)"},"version_scoped":null,"_meta":{"endpoint":"check","tier":"full","philosophy":"DepScope is free. Use the cheapest endpoint that answers your real question.","cheaper_alternatives":[{"endpoint":"/api/exists/pypi/Pillow","tokens_estimated":12,"use_when":"you only need to know if the package exists (hallucination guard)"},{"endpoint":"/api/health/pypi/Pillow","tokens_estimated":80,"use_when":"you only need a 0-100 score for go/no-go (>=70 = safe)"},{"endpoint":"/api/prompt/pypi/Pillow","tokens_estimated":280,"use_when":"you want a plain-text LLM-friendly brief instead of JSON"},{"endpoint":"POST /api/check_bulk","tokens_estimated":60,"use_when":"you have 5+ packages to check; sends one round-trip instead of N"}],"docs":"https://depscope.dev/integrate","hint_bulk":"You've called /api/check 54 times in 60s. Save bandwidth + tokens with POST /api/check_bulk (1 round-trip for N pkgs)."},"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":6,"active_contributors_12m":6,"primary_author_ratio":0.45,"owner_account_age_days":5018,"is_archived":false,"stars":13528,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":7.8,"tier":"strong"},"quality":{"available":true,"criticality_score":0.525,"criticality_tier":"high","velocity_pct":0.2,"velocity_trend":"stable","publish_security":"api_token"},"version_history_summary":{"total_versions":20,"first_release_age_days":5783,"last_release_days_ago":60,"avg_days_between_releases":304,"release_velocity":"active"}}