Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/pygments@2.3.1%2Bdfsg-1%2Bdeb10u2
purl pkg:deb/debian/pygments@2.3.1%2Bdfsg-1%2Bdeb10u2
Next non-vulnerable version 2.18.0+dfsg-2
Latest non-vulnerable version 2.18.0+dfsg-2
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-1na8-nyq1-yfcy
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
2.7.1+dfsg-2.1
Affected by 1 other vulnerability.
VCID-brg4-rv29-1fgz
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
2.7.1+dfsg-2.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-1na8-nyq1-yfcy An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140
VCID-brg4-rv29-1fgz In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T21:18:54.108380+00:00 Debian Oval Importer Affected by VCID-brg4-rv29-1fgz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:52:30.243683+00:00 Debian Oval Importer Affected by VCID-1na8-nyq1-yfcy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:56:10.480905+00:00 Debian Oval Importer Fixing VCID-1na8-nyq1-yfcy https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-15T14:41:04.356169+00:00 Debian Oval Importer Fixing VCID-brg4-rv29-1fgz https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-11T20:58:32.094561+00:00 Debian Oval Importer Affected by VCID-brg4-rv29-1fgz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:36:59.571151+00:00 Debian Oval Importer Affected by VCID-1na8-nyq1-yfcy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:44:27.510291+00:00 Debian Oval Importer Fixing VCID-1na8-nyq1-yfcy https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-11T14:29:22.339530+00:00 Debian Oval Importer Fixing VCID-brg4-rv29-1fgz https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-08T20:37:50.844209+00:00 Debian Oval Importer Affected by VCID-brg4-rv29-1fgz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:22:06.376686+00:00 Debian Oval Importer Affected by VCID-1na8-nyq1-yfcy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T23:17:19.764027+00:00 Debian Oval Importer Fixing VCID-1na8-nyq1-yfcy https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0
2026-04-07T23:02:44.754037+00:00 Debian Oval Importer Fixing VCID-brg4-rv29-1fgz https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0