VulnerableCode Package Details - pkg:deb/debian/pygments@0.5.1-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1na8-nyq1-yfcy Aliases: CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	2.3.1+dfsg-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-brg4-rv29-1fgz Aliases: CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	2.3.1+dfsg-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yesa-ghcy-mufw Aliases: CVE-2015-8557 GHSA-fff8-4w9p-7v76 PYSEC-2016-32	The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.	1.5+dfsg-1+deb7u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.1+dfsg-1.1+deb8u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.0+dfsg-1~bpo8+1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1na8-nyq1-yfcy
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

2.3.1+dfsg-1+deb10u2
Affected by 2 other vulnerabilities.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

VCID-brg4-rv29-1fgz
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

2.3.1+dfsg-1+deb10u2
Affected by 2 other vulnerabilities.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

VCID-yesa-ghcy-mufw
Aliases:
CVE-2015-8557
GHSA-fff8-4w9p-7v76
PYSEC-2016-32

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

1.5+dfsg-1+deb7u1
Affected by 3 other vulnerabilities.

2.0.1+dfsg-1.1+deb8u1
Affected by 3 other vulnerabilities.

2.2.0+dfsg-1~bpo8+1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T01:07:22.638128+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:18:54.071415+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:52:30.204419+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:56:10.447189+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T14:41:04.321849+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T13:27:25.176160+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-15T13:13:15.454941+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.4.0
2026-04-12T00:39:21.163793+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:58:32.057105+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:36:59.551527+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:44:27.471056+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:29:22.299884+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T13:16:07.752802+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-11T13:02:00.184875+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.3.0
2026-04-09T00:09:16.776732+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:37:50.786969+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:22:06.312791+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:17:19.720214+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T23:02:44.708908+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T21:52:04.941685+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0
2026-04-07T21:36:59.238416+00:00	Debian Oval Importer	Affected by	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.1.0