Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/pygments@2.7.1%2Bdfsg-2.1?distro=trixie
purl pkg:deb/debian/pygments@2.7.1%2Bdfsg-2.1?distro=trixie
Next non-vulnerable version 2.15.1+dfsg-1
Latest non-vulnerable version 2.19.2+dfsg-1
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-uk9e-3t7h-jkar
Aliases:
CVE-2022-40896
GHSA-mrwq-x4v8-fh7p
PYSEC-2023-117
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
2.15.1+dfsg-1
Affected by 0 other vulnerabilities.
2.18.0+dfsg-2
Affected by 0 other vulnerabilities.
2.19.2+dfsg-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-1na8-nyq1-yfcy An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140
VCID-brg4-rv29-1fgz In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141
VCID-yesa-ghcy-mufw The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. CVE-2015-8557
GHSA-fff8-4w9p-7v76
PYSEC-2016-32

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:03:19.899472+00:00 Debian Importer Fixing VCID-1na8-nyq1-yfcy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:34:23.167459+00:00 Debian Importer Fixing VCID-yesa-ghcy-mufw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:43:17.546209+00:00 Debian Importer Fixing VCID-brg4-rv29-1fgz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:14:12.676856+00:00 Debian Importer Fixing VCID-1na8-nyq1-yfcy https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:53:22.922239+00:00 Debian Importer Fixing VCID-yesa-ghcy-mufw https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:15:01.965849+00:00 Debian Importer Fixing VCID-brg4-rv29-1fgz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:50:30.510439+00:00 Debian Importer Affected by VCID-uk9e-3t7h-jkar https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:50:30.479818+00:00 Debian Importer Fixing VCID-brg4-rv29-1fgz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:50:30.438903+00:00 Debian Importer Fixing VCID-1na8-nyq1-yfcy https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:50:30.386388+00:00 Debian Importer Fixing VCID-yesa-ghcy-mufw https://security-tracker.debian.org/tracker/data/json 38.1.0