VulnerableCode Package Details - pkg:pypi/pygments@2.7.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-3kfv-bmqf-aqhv Aliases: CVE-2026-4539 GHSA-5239-wwwm-4pmq	Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.	2.20.0 Affected by 0 other vulnerabilities.
VCID-uk9e-3t7h-jkar Aliases: CVE-2022-40896 GHSA-mrwq-x4v8-fh7p PYSEC-2023-117	A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.	2.15.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.15.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3kfv-bmqf-aqhv
Aliases:
CVE-2026-4539
GHSA-5239-wwwm-4pmq

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

2.20.0
Affected by 0 other vulnerabilities.

VCID-uk9e-3t7h-jkar
Aliases:
CVE-2022-40896
GHSA-mrwq-x4v8-fh7p
PYSEC-2023-117

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

2.15.0
Affected by 2 other vulnerabilities.

2.15.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-1na8-nyq1-yfcy	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140
VCID-brg4-rv29-1fgz	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141

Vulnerability

Summary

Aliases

VCID-1na8-nyq1-yfcy

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

VCID-brg4-rv29-1fgz

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-01T14:31:14.112292+00:00	GHSA Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/advisories/GHSA-9w8r-397f-prfh	38.6.0
2026-05-01T14:29:58.978775+00:00	GHSA Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/advisories/GHSA-pq64-v7f5-gqh8	38.6.0
2026-04-29T23:30:23.732660+00:00	GitLab Importer	Affected by	VCID-3kfv-bmqf-aqhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2026-4539.yml	38.5.0
2026-04-29T21:15:15.417556+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.5.0
2026-04-29T19:58:59.034150+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.5.0
2026-04-29T19:57:30.046696+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.5.0
2026-04-25T02:07:24.051214+00:00	GitLab Importer	Affected by	VCID-3kfv-bmqf-aqhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2026-4539.yml	38.4.0
2026-04-16T22:34:20.156087+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.4.0
2026-04-16T21:21:15.158922+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.4.0
2026-04-16T21:19:44.586172+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.4.0
2026-04-16T01:43:28.144347+00:00	GHSA Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/advisories/GHSA-9w8r-397f-prfh	38.4.0
2026-04-16T01:41:53.553578+00:00	GHSA Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/advisories/GHSA-pq64-v7f5-gqh8	38.4.0
2026-04-11T23:53:23.563843+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.3.0
2026-04-11T22:33:42.705536+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.3.0
2026-04-11T22:32:06.554588+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.3.0
2026-04-11T13:12:40.734143+00:00	GHSA Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/advisories/GHSA-9w8r-397f-prfh	38.3.0
2026-04-11T13:10:59.890011+00:00	GHSA Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/advisories/GHSA-pq64-v7f5-gqh8	38.3.0
2026-04-02T23:56:29.018437+00:00	GitLab Importer	Affected by	VCID-uk9e-3t7h-jkar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2022-40896.yml	38.1.0
2026-04-02T22:44:50.186668+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.1.0
2026-04-02T22:43:22.672802+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.1.0
2026-04-02T14:04:07.698046+00:00	GHSA Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/advisories/GHSA-9w8r-397f-prfh	38.1.0
2026-04-02T14:02:39.591228+00:00	GHSA Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/advisories/GHSA-pq64-v7f5-gqh8	38.1.0
2026-04-01T17:02:46.927353+00:00	GitLab Importer	Fixing	VCID-1na8-nyq1-yfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-20270.yml	38.0.0
2026-04-01T17:01:06.677974+00:00	GitLab Importer	Fixing	VCID-brg4-rv29-1fgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Pygments/CVE-2021-27291.yml	38.0.0
2026-04-01T15:14:26.420938+00:00	PyPI Importer	Affected by	VCID-uk9e-3t7h-jkar	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T15:04:55.228645+00:00	PyPI Importer	Fixing	VCID-1na8-nyq1-yfcy	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T15:04:52.698987+00:00	PyPI Importer	Fixing	VCID-brg4-rv29-1fgz	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T13:01:53.851957+00:00	GithubOSV Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-pq64-v7f5-gqh8/GHSA-pq64-v7f5-gqh8.json	38.0.0
2026-04-01T13:00:52.245304+00:00	GithubOSV Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-9w8r-397f-prfh/GHSA-9w8r-397f-prfh.json	38.0.0
2026-04-01T12:48:29.886568+00:00	Pypa Importer	Affected by	VCID-uk9e-3t7h-jkar	https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2023-117.yaml	38.0.0
2026-04-01T12:43:56.102825+00:00	Pypa Importer	Fixing	VCID-1na8-nyq1-yfcy	https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-140.yaml	38.0.0
2026-04-01T12:43:54.844979+00:00	Pypa Importer	Fixing	VCID-brg4-rv29-1fgz	https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2021-141.yaml	38.0.0