VulnerableCode Package Details - pkg:deb/debian/pygments@2.18.0%2Bdfsg-2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1na8-nyq1-yfcy	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140
VCID-brg4-rv29-1fgz	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141
VCID-uk9e-3t7h-jkar	A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.	CVE-2022-40896 GHSA-mrwq-x4v8-fh7p PYSEC-2023-117
VCID-yesa-ghcy-mufw	The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.	CVE-2015-8557 GHSA-fff8-4w9p-7v76 PYSEC-2016-32

Vulnerability

Summary

Aliases

VCID-1na8-nyq1-yfcy

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

VCID-brg4-rv29-1fgz

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

VCID-uk9e-3t7h-jkar

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

CVE-2022-40896
GHSA-mrwq-x4v8-fh7p
PYSEC-2023-117

VCID-yesa-ghcy-mufw

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

CVE-2015-8557
GHSA-fff8-4w9p-7v76
PYSEC-2016-32

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:03:19.911451+00:00	Debian Importer	Fixing	VCID-1na8-nyq1-yfcy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:34:23.182203+00:00	Debian Importer	Fixing	VCID-yesa-ghcy-mufw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:43:17.558326+00:00	Debian Importer	Fixing	VCID-brg4-rv29-1fgz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:14:12.689257+00:00	Debian Importer	Fixing	VCID-1na8-nyq1-yfcy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:53:22.936628+00:00	Debian Importer	Fixing	VCID-yesa-ghcy-mufw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:15:01.972638+00:00	Debian Importer	Fixing	VCID-brg4-rv29-1fgz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:30.544590+00:00	Debian Importer	Fixing	VCID-uk9e-3t7h-jkar	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:30.496135+00:00	Debian Importer	Fixing	VCID-brg4-rv29-1fgz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:30.454960+00:00	Debian Importer	Fixing	VCID-1na8-nyq1-yfcy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:30.404721+00:00	Debian Importer	Fixing	VCID-yesa-ghcy-mufw	https://security-tracker.debian.org/tracker/data/json	38.1.0