VulnerableCode Package Details - pkg:pypi/pygments@2.14.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3kfv-bmqf-aqhv Aliases: CVE-2026-4539 GHSA-5239-wwwm-4pmq	Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.	2.20.0 Affected by 0 other vulnerabilities.
VCID-uk9e-3t7h-jkar Aliases: CVE-2022-40896 GHSA-mrwq-x4v8-fh7p PYSEC-2023-117	A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.	2.15.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.15.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3kfv-bmqf-aqhv
Aliases:
CVE-2026-4539
GHSA-5239-wwwm-4pmq

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

2.20.0
Affected by 0 other vulnerabilities.

VCID-uk9e-3t7h-jkar
Aliases:
CVE-2022-40896
GHSA-mrwq-x4v8-fh7p
PYSEC-2023-117

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

2.15.0
Affected by 2 other vulnerabilities.

2.15.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-25T02:07:24.090464+00:00	GitLab Importer	Affected by	VCID-3kfv-bmqf-aqhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2026-4539.yml	38.4.0
2026-04-16T22:34:20.188015+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.4.0
2026-04-11T23:53:23.603366+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.3.0
2026-04-02T23:56:29.050641+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.1.0
2026-04-01T15:14:26.455610+00:00	PyPI Importer	Affected by	VCID-uk9e-3t7h-jkar	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T12:48:29.910132+00:00	Pypa Importer	Affected by	VCID-uk9e-3t7h-jkar	https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2023-117.yaml	38.0.0