Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/pygments@2.1
purl pkg:pypi/pygments@2.1
Next non-vulnerable version 2.20.0
Latest non-vulnerable version 2.20.0
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-1na8-nyq1-yfcy
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
2.7.4
Affected by 2 other vulnerabilities.
VCID-3kfv-bmqf-aqhv
Aliases:
CVE-2026-4539
GHSA-5239-wwwm-4pmq
Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
2.20.0
Affected by 0 other vulnerabilities.
VCID-brg4-rv29-1fgz
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
2.7.4
Affected by 2 other vulnerabilities.
VCID-uk9e-3t7h-jkar
Aliases:
CVE-2022-40896
GHSA-mrwq-x4v8-fh7p
PYSEC-2023-117
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
2.15.0
Affected by 2 other vulnerabilities.
2.15.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-yesa-ghcy-mufw The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. CVE-2015-8557
GHSA-fff8-4w9p-7v76
PYSEC-2016-32

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-01T14:57:35.541637+00:00 GHSA Importer Fixing VCID-yesa-ghcy-mufw https://github.com/advisories/GHSA-fff8-4w9p-7v76 38.6.0
2026-05-01T14:31:14.077832+00:00 GHSA Importer Affected by VCID-1na8-nyq1-yfcy https://github.com/advisories/GHSA-9w8r-397f-prfh 38.6.0
2026-05-01T14:29:58.948382+00:00 GHSA Importer Affected by VCID-brg4-rv29-1fgz https://github.com/advisories/GHSA-pq64-v7f5-gqh8 38.6.0
2026-04-29T23:30:23.672947+00:00 GitLab Importer Affected by VCID-3kfv-bmqf-aqhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2026-4539.yml 38.5.0
2026-04-29T21:15:15.357221+00:00 GitLab Importer Affected by VCID-uk9e-3t7h-jkar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml 38.5.0
2026-04-29T20:33:09.763816+00:00 GitLab Importer Fixing VCID-yesa-ghcy-mufw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2015-8557.yml 38.5.0
2026-04-29T19:58:58.973814+00:00 GitLab Importer Affected by VCID-1na8-nyq1-yfcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml 38.5.0
2026-04-29T19:57:29.987060+00:00 GitLab Importer Affected by VCID-brg4-rv29-1fgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml 38.5.0
2026-04-25T02:07:23.982661+00:00 GitLab Importer Affected by VCID-3kfv-bmqf-aqhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2026-4539.yml 38.4.0
2026-04-16T22:34:20.098387+00:00 GitLab Importer Affected by VCID-uk9e-3t7h-jkar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml 38.4.0
2026-04-16T21:53:32.263821+00:00 GitLab Importer Fixing VCID-yesa-ghcy-mufw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2015-8557.yml 38.4.0
2026-04-16T21:21:15.100577+00:00 GitLab Importer Affected by VCID-1na8-nyq1-yfcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml 38.4.0
2026-04-16T21:19:44.523182+00:00 GitLab Importer Affected by VCID-brg4-rv29-1fgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml 38.4.0
2026-04-16T02:18:46.817274+00:00 GHSA Importer Fixing VCID-yesa-ghcy-mufw https://github.com/advisories/GHSA-fff8-4w9p-7v76 38.4.0
2026-04-16T01:43:28.079145+00:00 GHSA Importer Affected by VCID-1na8-nyq1-yfcy https://github.com/advisories/GHSA-9w8r-397f-prfh 38.4.0
2026-04-16T01:41:53.485698+00:00 GHSA Importer Affected by VCID-brg4-rv29-1fgz https://github.com/advisories/GHSA-pq64-v7f5-gqh8 38.4.0
2026-04-11T23:53:23.493143+00:00 GitLab Importer Affected by VCID-uk9e-3t7h-jkar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml 38.3.0
2026-04-11T23:09:00.912090+00:00 GitLab Importer Fixing VCID-yesa-ghcy-mufw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2015-8557.yml 38.3.0
2026-04-11T22:33:42.639634+00:00 GitLab Importer Affected by VCID-1na8-nyq1-yfcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml 38.3.0
2026-04-11T22:32:06.490495+00:00 GitLab Importer Affected by VCID-brg4-rv29-1fgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml 38.3.0
2026-04-11T13:43:35.143021+00:00 GHSA Importer Fixing VCID-yesa-ghcy-mufw https://github.com/advisories/GHSA-fff8-4w9p-7v76 38.3.0
2026-04-11T13:12:40.662906+00:00 GHSA Importer Affected by VCID-1na8-nyq1-yfcy https://github.com/advisories/GHSA-9w8r-397f-prfh 38.3.0
2026-04-11T13:10:59.824865+00:00 GHSA Importer Affected by VCID-brg4-rv29-1fgz https://github.com/advisories/GHSA-pq64-v7f5-gqh8 38.3.0
2026-04-02T23:56:28.959347+00:00 GitLab Importer Affected by VCID-uk9e-3t7h-jkar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml 38.1.0
2026-04-02T23:17:41.235675+00:00 GitLab Importer Fixing VCID-yesa-ghcy-mufw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2015-8557.yml 38.1.0
2026-04-02T22:44:50.128194+00:00 GitLab Importer Affected by VCID-1na8-nyq1-yfcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml 38.1.0
2026-04-02T22:43:22.614350+00:00 GitLab Importer Affected by VCID-brg4-rv29-1fgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml 38.1.0
2026-04-02T14:32:07.883099+00:00 GHSA Importer Fixing VCID-yesa-ghcy-mufw https://github.com/advisories/GHSA-fff8-4w9p-7v76 38.1.0
2026-04-02T14:04:07.638451+00:00 GHSA Importer Affected by VCID-1na8-nyq1-yfcy https://github.com/advisories/GHSA-9w8r-397f-prfh 38.1.0
2026-04-02T14:02:39.530547+00:00 GHSA Importer Affected by VCID-brg4-rv29-1fgz https://github.com/advisories/GHSA-pq64-v7f5-gqh8 38.1.0
2026-04-01T17:37:54.305667+00:00 GitLab Importer Fixing VCID-yesa-ghcy-mufw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2015-8557.yml 38.0.0
2026-04-01T17:02:46.865684+00:00 GitLab Importer Affected by VCID-1na8-nyq1-yfcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml 38.0.0
2026-04-01T17:01:06.618763+00:00 GitLab Importer Affected by VCID-brg4-rv29-1fgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml 38.0.0
2026-04-01T15:14:26.358934+00:00 PyPI Importer Affected by VCID-uk9e-3t7h-jkar https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:04:55.161280+00:00 PyPI Importer Affected by VCID-1na8-nyq1-yfcy https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T15:04:52.628109+00:00 PyPI Importer Affected by VCID-brg4-rv29-1fgz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T14:59:24.207738+00:00 PyPI Importer Fixing VCID-yesa-ghcy-mufw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T13:08:00.451354+00:00 GithubOSV Importer Fixing VCID-yesa-ghcy-mufw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fff8-4w9p-7v76/GHSA-fff8-4w9p-7v76.json 38.0.0
2026-04-01T12:48:29.851576+00:00 Pypa Importer Affected by VCID-uk9e-3t7h-jkar https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2023-117.yaml 38.0.0
2026-04-01T12:43:56.070048+00:00 Pypa Importer Affected by VCID-1na8-nyq1-yfcy https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-140.yaml 38.0.0
2026-04-01T12:43:54.806161+00:00 Pypa Importer Affected by VCID-brg4-rv29-1fgz https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-141.yaml 38.0.0
2026-04-01T12:41:16.186166+00:00 Pypa Importer Fixing VCID-yesa-ghcy-mufw https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2016-32.yaml 38.0.0