VulnerableCode Package Details - pkg:deb/debian/pygments@2.2.0%2Bdfsg-1~bpo8%2B1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1na8-nyq1-yfcy Aliases: CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	2.3.1+dfsg-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-brg4-rv29-1fgz Aliases: CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	2.3.1+dfsg-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1na8-nyq1-yfcy
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

2.3.1+dfsg-1+deb10u2
Affected by 2 other vulnerabilities.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

VCID-brg4-rv29-1fgz
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

2.3.1+dfsg-1+deb10u2
Affected by 2 other vulnerabilities.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-yesa-ghcy-mufw	The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.	CVE-2015-8557 GHSA-fff8-4w9p-7v76 PYSEC-2016-32

Vulnerability

Summary

Aliases

VCID-yesa-ghcy-mufw

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

CVE-2015-8557
GHSA-fff8-4w9p-7v76
PYSEC-2016-32

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T01:07:22.678332+00:00	Debian Oval Importer	Fixing	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:18:54.100851+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:52:30.235931+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:56:10.474309+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T14:41:04.349287+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-12T00:39:21.196079+00:00	Debian Oval Importer	Fixing	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:58:32.087189+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:36:59.567519+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:44:27.502493+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T14:29:22.331953+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-09T00:09:16.809124+00:00	Debian Oval Importer	Fixing	VCID-yesa-ghcy-mufw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:37:50.835849+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:22:06.367527+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:17:19.754875+00:00	Debian Oval Importer	Affected by	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T23:02:44.743688+00:00	Debian Oval Importer	Affected by	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0