380 matches found
CVE-2026-4539 pygments archetype.py AdlLexer redos
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
Matthäus G. Chajdas pygments security vulnerability
Matthäus G. Chajdas’ pygments is an open-source application developed by Matthäus G. Chajdas. It provides a general-purpose syntax highlighting tool. Versions of Matthäus G. Chajdas’ pygments prior to 2.19.2 contained security vulnerabilities. These vulnerabilities were caused by inefficient...
Linux Distros Unpatched Vulnerability : CVE-2026-4539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The...
PT-2026-26970
Name of the Vulnerable Software and Affected Versions: pygments versions up to 2.19.2. Description: A security flaw exists in pygments. The issue resides within the AdlLexer function located in the pygments/lexers/archetype.py file, leading to inefficient regular expression complexity. This...
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Summary: An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details: When Pygments returns more lines than it was given, a known upstream quirk...
EUVD-2026-8597
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering...
GHSA-VP6Q-7M36-PQ3W Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Summary: An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details: When Pygments returns more lines than it was given, a known upstream quirk...
CVE-2026-27614
Bugsink (self-hosted error tracking) is affected by a Stored XSS in versions before 2.0.13. The root cause is how Pygments fallback in stacktrace rendering handles line mismatches: _pygmentize_lines() returns raw lines when line counts differ, and then mark_safe() is applied unconditionally to th...
CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...
Azure Linux 3.0 Security Update: m2crypto / python-pygments (CVE-2019-11358)
The version of m2crypto / python-pygments installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-11358 advisory. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles...
MiracleLinux 8 : resource-agents-4.1.1-98.el8 (AXSA:2021-2804:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2804:10 advisory. python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270); python-pygments: ReDoS in multiple lexers (CVE-2021-27291). Tenable has...
MiracleLinux 8 : python27:2.7 (AXSA:2021-2829:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2829:01 advisory. python: Unsafe use of eval on data retrieved via HTTP in the test suite (CVE-2020-27619); python-jinja2: ReDoS vulnerability in the urlize filter...
MiracleLinux 8 : python36:3.6 (AXSA:2021-2854:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2854:01 advisory. python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270); python-pygments: ReDoS in multiple lexers (CVE-2021-27291). Tenable has...
Astra Linux - vulnerability in pygments
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
Malicious code in pygments-richstyle (PyPI)
Source: kam193 a965f61b1e51e6c96a8987633eaf2f23001320e4c6b884c33603230c66798e74 Packages silently decrypt content hidden in a dependency and load them as Python extension modules. In the first wave, those are copies of legitimate aiohttp a...
MAL-2025-191654 Malicious code in pygments-richstyle (PyPI)
Source: kam193 a965f61b1e51e6c96a8987633eaf2f23001320e4c6b884c33603230c66798e74 Packages silently decrypt content hidden in a dependency and load them as Python extension modules. In the first wave, those are copies of legitimate aiohttp a...
EUVD-2021-0208
Malware in sbrugna...
EUVD-2021-0207
Malware in sbrugna...