Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pygments@2.8.0
Typepypi
Namespace
Namepygments
Version2.8.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.20.0
Latest_non_vulnerable_version2.20.0
Affected_by_vulnerabilities
0
url VCID-3kfv-bmqf-aqhv
vulnerability_id VCID-3kfv-bmqf-aqhv
summary 
Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching
A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4539.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4539.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4539
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02732
published_at 2026-04-11T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02715
published_at 2026-04-02T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02731
published_at 2026-04-04T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02738
published_at 2026-04-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02741
published_at 2026-04-08T12:55:00Z
5
value 0.00014
scoring_system epss
scoring_elements 0.02702
published_at 2026-04-18T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.02692
published_at 2026-04-16T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.02712
published_at 2026-04-13T12:55:00Z
8
value 0.00014
scoring_system epss
scoring_elements 0.02716
published_at 2026-04-12T12:55:00Z
9
value 0.00014
scoring_system epss
scoring_elements 0.02761
published_at 2026-04-09T12:55:00Z
10
value 6e-05
scoring_system epss
scoring_elements 0.00441
published_at 2026-04-21T12:55:00Z
11
value 7e-05
scoring_system epss
scoring_elements 0.00644
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4539
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4539
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pygments/pygments
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments
5
reference_url https://github.com/pygments/pygments/commit/24b8aa76c6cd6d70f39c6dd605cce319c98e2ccc
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments/commit/24b8aa76c6cd6d70f39c6dd605cce319c98e2ccc
6
reference_url https://github.com/pygments/pygments/issues/3058
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:08:35Z/
url https://github.com/pygments/pygments/issues/3058
7
reference_url https://github.com/pygments/pygments/pull/3064
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments/pull/3064
8
reference_url https://github.com/pygments/pygments/releases/tag/2.20.0
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments/releases/tag/2.20.0
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4539
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4539
10
reference_url https://vuldb.com/?ctiid.352327
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:08:35Z/
url https://vuldb.com/?ctiid.352327
11
reference_url https://vuldb.com/?id.352327
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:08:35Z/
url https://vuldb.com/?id.352327
12
reference_url https://vuldb.com/?submit.774685
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:08:35Z/
url https://vuldb.com/?submit.774685
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132233
reference_id 1132233
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132233
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450066
reference_id 2450066
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450066
15
reference_url https://github.com/advisories/GHSA-5239-wwwm-4pmq
reference_id GHSA-5239-wwwm-4pmq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5239-wwwm-4pmq
16
reference_url https://github.com/pygments/pygments/
reference_id pygments
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:08:35Z/
url https://github.com/pygments/pygments/
fixed_packages
0
url pkg:pypi/pygments@2.20.0
purl pkg:pypi/pygments@2.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pygments@2.20.0
aliases CVE-2026-4539, GHSA-5239-wwwm-4pmq
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kfv-bmqf-aqhv
1
url VCID-uk9e-3t7h-jkar
vulnerability_id VCID-uk9e-3t7h-jkar
summary A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40896.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40896.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40896
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.19877
published_at 2026-04-24T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.19952
published_at 2026-04-07T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20032
published_at 2026-04-08T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20168
published_at 2026-04-02T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.20227
published_at 2026-04-04T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.19992
published_at 2026-04-18T12:55:00Z
6
value 0.00064
scoring_system epss
scoring_elements 0.19988
published_at 2026-04-16T12:55:00Z
7
value 0.00064
scoring_system epss
scoring_elements 0.20007
published_at 2026-04-13T12:55:00Z
8
value 0.00064
scoring_system epss
scoring_elements 0.20065
published_at 2026-04-12T12:55:00Z
9
value 0.00064
scoring_system epss
scoring_elements 0.20109
published_at 2026-04-11T12:55:00Z
10
value 0.00064
scoring_system epss
scoring_elements 0.20091
published_at 2026-04-09T12:55:00Z
11
value 0.00066
scoring_system epss
scoring_elements 0.20462
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40896
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40896
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40896
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pygments/pygments
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments
5
reference_url https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:28:52Z/
url https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61
6
reference_url https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194
7
reference_url https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04
8
reference_url https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2023-117.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2023-117.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO
12
reference_url https://pypi.org/project/Pygments
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Pygments
13
reference_url https://pypi.org/project/Pygments/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:28:52Z/
url https://pypi.org/project/Pygments/
14
reference_url https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2
15
reference_url https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:28:52Z/
url https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251643
reference_id 2251643
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2251643
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40896
reference_id CVE-2022-40896
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40896
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/
reference_id EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:28:52Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/
19
reference_url https://github.com/advisories/GHSA-mrwq-x4v8-fh7p
reference_id GHSA-mrwq-x4v8-fh7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrwq-x4v8-fh7p
20
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
21
reference_url https://access.redhat.com/errata/RHSA-2024:1072
reference_id RHSA-2024:1072
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1072
22
reference_url https://usn.ubuntu.com/7128-1/
reference_id USN-7128-1
reference_type
scores
url https://usn.ubuntu.com/7128-1/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/
reference_id VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:28:52Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/
fixed_packages
0
url pkg:pypi/pygments@2.15.0
purl pkg:pypi/pygments@2.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kfv-bmqf-aqhv
1
vulnerability VCID-uk9e-3t7h-jkar
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pygments@2.15.0
1
url pkg:pypi/pygments@2.15.1
purl pkg:pypi/pygments@2.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kfv-bmqf-aqhv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pygments@2.15.1
aliases CVE-2022-40896, GHSA-mrwq-x4v8-fh7p, PYSEC-2023-117
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk9e-3t7h-jkar
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pygments@2.8.0