Nixpkgs security tracker
3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
pygments archetype.py AdlLexer redos
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
References
-
-
-
Submit #774685 | pygments <=2.19.2 Denial of Service third-party-advisory
-
Affected products
- ==2.19.2
- ==2.19.1
- ==2.19.0
Matching in nixpkgs
pkgs.python312Packages.pygments
Generic syntax highlighter
pkgs.python313Packages.pygments
Generic syntax highlighter
pkgs.python314Packages.pygments
Generic syntax highlighter
pkgs.python312Packages.fluent-pygments
Plugin for pygments to add syntax highlighting of Fluent files in Sphinx
pkgs.python313Packages.fluent-pygments
Plugin for pygments to add syntax highlighting of Fluent files in Sphinx
pkgs.python314Packages.fluent-pygments
Plugin for pygments to add syntax highlighting of Fluent files in Sphinx
pkgs.python312Packages.xstatic-pygments
pygments packaged static files for python
pkgs.python313Packages.xstatic-pygments
pygments packaged static files for python
pkgs.python314Packages.xstatic-pygments
Pygments packaged static files for python
pkgs.python312Packages.accessible-pygments
Collection of accessible pygments styles
pkgs.python312Packages.jupyterlab-pygments
Jupyterlab syntax coloring theme for pygments
pkgs.python313Packages.accessible-pygments
Collection of accessible pygments styles
pkgs.python313Packages.jupyterlab-pygments
Jupyterlab syntax coloring theme for pygments
pkgs.python314Packages.accessible-pygments
Collection of accessible pygments styles
pkgs.python314Packages.jupyterlab-pygments
Jupyterlab syntax coloring theme for pygments
pkgs.python312Packages.pygments-better-html
Improved line numbering for Pygments’ HTML formatter
pkgs.python313Packages.pygments-better-html
Improved line numbering for Pygments’ HTML formatter
pkgs.python314Packages.pygments-better-html
Improved line numbering for Pygments’ HTML formatter
pkgs.python312Packages.pygments-style-github
Port of the github color scheme for pygments
pkgs.python313Packages.pygments-style-github
Port of the github color scheme for pygments
pkgs.python314Packages.pygments-style-github
Port of the github color scheme for pygments
pkgs.python312Packages.ipython-pygments-lexers
Pygments lexers for syntax-highlighting IPython code & sessions
pkgs.python312Packages.pygments-markdown-lexer
Pygments Markdown Lexer – A Markdown lexer for Pygments to highlight Markdown code snippets
-
nixos-25.11 0.1.0.dev39
- nixos-25.11-small 0.1.0.dev39
- nixpkgs-25.11-darwin 0.1.0.dev39
pkgs.python313Packages.ipython-pygments-lexers
Pygments lexers for syntax-highlighting IPython code & sessions
pkgs.python313Packages.pygments-markdown-lexer
Pygments Markdown Lexer – A Markdown lexer for Pygments to highlight Markdown code snippets
-
nixos-unstable 0.1.0.dev39
- nixpkgs-unstable 0.1.0.dev39
- nixos-unstable-small 0.1.0.dev39
-
nixos-25.11 0.1.0.dev39
- nixos-25.11-small 0.1.0.dev39
- nixpkgs-25.11-darwin 0.1.0.dev39
pkgs.python314Packages.ipython-pygments-lexers
Pygments lexers for syntax-highlighting IPython code & sessions
pkgs.python314Packages.pygments-markdown-lexer
Pygments Markdown Lexer – A Markdown lexer for Pygments to highlight Markdown code snippets
-
nixos-unstable 0.1.0.dev39
- nixpkgs-unstable 0.1.0.dev39
- nixos-unstable-small 0.1.0.dev39
Package maintainers
-
@GetPsyched Priyanshu Tripathi <nixos@getpsyched.dev>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@Sigmanificient Yohann Boniface <sigmanificient@gmail.com>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
-
@makefu Felix Richter <makefu@syntax-fehler.de>
-
@ryand56 Ryan Omasta <git@ryand.ca>