Pygments

By the Year

In 2022 there have been 0 vulnerabilities in Pygments. Last year Pygments had 2 security vulnerabilities published. Right now, Pygments is on track to have fewer security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 2 7.50
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Pygments vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Pygments Security Vulnerabilities

CVE-2021-20270 7.5 - High - March 23, 2021

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Infinite Loop

CVE-2021-27291 7.5 - High - March 17, 2021

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
