Nixpkgs security tracker

Suggestions search

With package: python314Packages.pygments

Found 1 matching suggestion

Published
CVE-2026-4539
3.3 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
Updated 3 months ago by @LeSuisse

Activity log
  • Created suggestion
  • @LeSuisse ignored
    24 packages
    • python312Packages.fluent-pygments
    • python313Packages.fluent-pygments
    • python314Packages.fluent-pygments
    • python312Packages.xstatic-pygments
    • python313Packages.xstatic-pygments
    • python314Packages.xstatic-pygments
    • python312Packages.accessible-pygments
    • python312Packages.jupyterlab-pygments
    • python313Packages.accessible-pygments
    • python313Packages.jupyterlab-pygments
    • python314Packages.accessible-pygments
    • python314Packages.jupyterlab-pygments
    • python312Packages.pygments-better-html
    • python313Packages.pygments-better-html
    • python314Packages.pygments-better-html
    • python312Packages.pygments-style-github
    • python313Packages.pygments-style-github
    • python314Packages.pygments-style-github
    • python312Packages.ipython-pygments-lexers
    • python312Packages.pygments-markdown-lexer
    • python313Packages.ipython-pygments-lexers
    • python313Packages.pygments-markdown-lexer
    • python314Packages.ipython-pygments-lexers
    • python314Packages.pygments-markdown-lexer
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
pygments archetype.py AdlLexer redos

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

pygments
  • ==2.19.2
  • ==2.19.0
  • ==2.19.1

Matching in nixpkgs

Ignored packages (24)

Package maintainers

Upstream advisory: https://github.com/advisories/GHSA-5239-wwwm-4pmq