VulnerableCode Package Details - pkg:deb/debian/pygments@2.7.1%2Bdfsg-2.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-uk9e-3t7h-jkar Aliases: CVE-2022-40896 GHSA-mrwq-x4v8-fh7p PYSEC-2023-117	A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.	2.18.0+dfsg-2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-uk9e-3t7h-jkar
Aliases:
CVE-2022-40896
GHSA-mrwq-x4v8-fh7p
PYSEC-2023-117

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

2.18.0+dfsg-2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1na8-nyq1-yfcy	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140
VCID-brg4-rv29-1fgz	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141

Vulnerability

Summary

Aliases

VCID-1na8-nyq1-yfcy

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

VCID-brg4-rv29-1fgz

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:38:24.212781+00:00	Debian Importer	Affected by	VCID-uk9e-3t7h-jkar	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-15T21:18:54.112776+00:00	Debian Oval Importer	Fixing	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:52:30.247587+00:00	Debian Oval Importer	Fixing	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-13T07:11:34.037800+00:00	Debian Importer	Affected by	VCID-uk9e-3t7h-jkar	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T20:58:32.098229+00:00	Debian Oval Importer	Fixing	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:36:59.572990+00:00	Debian Oval Importer	Fixing	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T20:37:50.848666+00:00	Debian Oval Importer	Fixing	VCID-brg4-rv29-1fgz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:46:36.976135+00:00	Debian Importer	Affected by	VCID-uk9e-3t7h-jkar	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:22:06.382549+00:00	Debian Oval Importer	Fixing	VCID-1na8-nyq1-yfcy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0