VulnerableCode Package Details - pkg:deb/debian/pygments@2.2.0%2Bdfsg-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1na8-nyq1-yfcy Aliases: CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	2.3.1+dfsg-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-brg4-rv29-1fgz Aliases: CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	2.3.1+dfsg-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1na8-nyq1-yfcy
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

2.3.1+dfsg-1+deb10u2
Affected by 2 other vulnerabilities.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

VCID-brg4-rv29-1fgz
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

2.3.1+dfsg-1+deb10u2
Affected by 2 other vulnerabilities.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T21:18:54.104531+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:52:30.239852+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:56:10.477615+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T14:41:04.352739+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-11T20:58:32.090902+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:36:59.569347+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:44:27.506395+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:29:22.335755+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-08T20:37:50.839935+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:22:06.371917+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:17:19.759354+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T23:02:44.748889+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0