Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539
Summary IBM Maximo Application Suite - Visual Inspection component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-4539 DESCRIPTION: A security fla...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments [CVE-2026-4539]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments, due to a flaw in function AdlLexer of the file pygments/lexers/archetype.py that results in inefficient regular expression complexity CVE-2026-4539. Pygments is used in our speech...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pygments-2.19.2-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pygments-2.19.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-4539 DESCRIPTION: A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file...
a-mailx (=0.1.0), a2grunnerp (>=0.1.0 <=0.1.8) +1647 more potentially affected by CVE-2026-4539 via pygments (>=1.6.0 <=2.1.3)
pygments PYPI version =1.6.0, =0.1.0, =0.1.0, =0.0.2, =2.0.0.1, =0.1.2, =0.0.1, =0.3.4, =0.4.0, =0.0.6, =0.1.0, =0.1.2 and more Source cves: CVE-2026-4539 Source advisory: OSV:GHSA-5239-WWWM-4PMQ...
Linux Distros Unpatched Vulnerability : CVE-2026-4539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The...
EUVD-2021-0207
Malware in sbrugna...
EUVD-2016-0026
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-27291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have...
Azure Linux 3.0 Security Update: python-pygments (CVE-2021-20270)
The version of python-pygments installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-20270 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when...
USN-7128-1: Pygments vulnerability
Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denial of service...
Ubuntu 22.04 LTS : Pygments vulnerability (USN-7128-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7128-1 advisory. Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denia...
USN-4897-1 pygments vulnerability
Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Pygments vulnerability (USN-4897-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4897-1 advisory. Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a...
Pygments Denial of Service Attack Vulnerability
Pygments is a general-purpose syntax highlighting tool for code hosting, forums, wikis, or other applications that need to beautify their source code. A denial of service vulnerability exists in Pygments versions 1.5 through 2.7.3. The vulnerability arises due to an infinite loop in the SMLLexer ...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Pygments vulnerability (USN-4885-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4885-1 advisory. It was discovered that Pygments incorrectly handled parsing SML files. If a user or automated system were tricked into parsing a specially...
Regular Expression Denial Of Service (ReDoS)
pygments is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string via Lexer for Values used in ADL and ODIN...
AZL-35138 CVE-2021-27291 affecting package python-pygments for versions less than 2.7.4-1
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...
CVE-2021-27291
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...
AZL-40759 CVE-2019-11358 affecting package python-pygments for versions less than 2.7.4-1
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype...
CVE-2015-8557
The `FontManager._get_nix_font_path` function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...