VulnerableCode Package Details - pkg:pypi/pygments@2.7.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-uk9e-3t7h-jkar Aliases: CVE-2022-40896 GHSA-mrwq-x4v8-fh7p PYSEC-2023-117	A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.	2.15.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.15.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-uk9e-3t7h-jkar
Aliases:
CVE-2022-40896
GHSA-mrwq-x4v8-fh7p
PYSEC-2023-117

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

2.15.0
Affected by 1 other vulnerability.

2.15.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1na8-nyq1-yfcy	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140
VCID-brg4-rv29-1fgz	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141

Vulnerability

Summary

Aliases

VCID-1na8-nyq1-yfcy

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

VCID-brg4-rv29-1fgz

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:34:20.156087+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.4.0
2026-04-16T21:21:15.158922+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.4.0
2026-04-16T21:19:44.586172+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.4.0
2026-04-16T01:43:28.144347+00:00	GHSA Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/advisories/GHSA-9w8r-397f-prfh	38.4.0
2026-04-16T01:41:53.553578+00:00	GHSA Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/advisories/GHSA-pq64-v7f5-gqh8	38.4.0
2026-04-11T23:53:23.563843+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.3.0
2026-04-11T22:33:42.705536+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.3.0
2026-04-11T22:32:06.554588+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.3.0
2026-04-11T13:12:40.734143+00:00	GHSA Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/advisories/GHSA-9w8r-397f-prfh	38.3.0
2026-04-11T13:10:59.890011+00:00	GHSA Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/advisories/GHSA-pq64-v7f5-gqh8	38.3.0
2026-04-02T23:56:29.018437+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.1.0
2026-04-02T22:44:50.186668+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.1.0
2026-04-02T22:43:22.672802+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.1.0
2026-04-02T14:04:07.698046+00:00	GHSA Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/advisories/GHSA-9w8r-397f-prfh	38.1.0
2026-04-02T14:02:39.591228+00:00	GHSA Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/advisories/GHSA-pq64-v7f5-gqh8	38.1.0
2026-04-01T17:02:46.927353+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.0.0
2026-04-01T17:01:06.677974+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.0.0
2026-04-01T15:14:26.420938+00:00	PyPI Importer	Affected by	VCID-uk9e-3t7h-jkar	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T15:04:55.228645+00:00	PyPI Importer	Fixing	VCID-1na8-nyq1-yfcy	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T15:04:52.698987+00:00	PyPI Importer	Fixing	VCID-brg4-rv29-1fgz	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T13:01:53.851957+00:00	GithubOSV Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-pq64-v7f5-gqh8/GHSA-pq64-v7f5-gqh8.json	38.0.0
2026-04-01T13:00:52.245304+00:00	GithubOSV Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-9w8r-397f-prfh/GHSA-9w8r-397f-prfh.json	38.0.0
2026-04-01T12:48:29.886568+00:00	Pypa Importer	Affected by	VCID-uk9e-3t7h-jkar	https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2023-117.yaml	38.0.0
2026-04-01T12:43:56.102825+00:00	Pypa Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-140.yaml	38.0.0
2026-04-01T12:43:54.844979+00:00	Pypa Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-141.yaml	38.0.0