Search for packages
| purl | pkg:deb/debian/pygments@2.2.0%2Bdfsg-1 |
| Next non-vulnerable version | 2.18.0+dfsg-2 |
| Latest non-vulnerable version | 2.18.0+dfsg-2 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gkzq-thjf-z7fa
Aliases: CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140 |
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-p93c-damj-kbec
Aliases: CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141 |
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T17:00:59.301993+00:00 | Debian Oval Importer | Affected by | VCID-p93c-damj-kbec | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T14:56:16.521972+00:00 | Debian Oval Importer | Affected by | VCID-gkzq-thjf-z7fa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T11:27:15.039663+00:00 | Debian Oval Importer | Affected by | VCID-gkzq-thjf-z7fa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 37.0.0 |
| 2025-08-01T11:12:08.082826+00:00 | Debian Oval Importer | Affected by | VCID-p93c-damj-kbec | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 37.0.0 |