[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-27291":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":34,"duplicate_of":9,"upstream":37,"downstream":38,"duplicates":85,"related":86,"reserved_at":9,"published_at":96,"modified_at":97,"state":98,"summary":99,"references_raw":107,"kevs":190,"epss":191,"epss_history":194,"metrics":446,"affected":461},"CVE-2021-27291","In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-1333","Inefficient Regular Expression Complexity","The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.","weakness","Draft","Base","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-492","Regular Expression Exponential Blowup",[],[25],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_B-C-DS_B1A2CC0C68A35C57188575EB496DE5CE","B1A2Cc0C68A35C57188575Eb496De5Ce","github","https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce","poc",0.3,false,[],[35,36],"GHSA-pq64-v7f5-gqh8","PYSEC-2021-141",[],[39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83],{"_key":40},"ALPINE-CVE-2021-27291",{"_key":42},"SUSE-SU-2021:3839-1",{"_key":44},"SUSE-SU-2021:3814-1",{"_key":46},"SUSE-SU-2021:3840-1",{"_key":48},"SUSE-SU-2021:3841-1",{"_key":50},"OPENSUSE-SU-2021:1521-1",{"_key":52},"OPENSUSE-SU-2021:3839-1",{"_key":54},"OPENSUSE-SU-2021:3841-1",{"_key":56},"DLA-2600-1",{"_key":58},"DLA-2648-1",{"_key":60},"DSA-4878-1",{"_key":62},"DSA-4889-1",{"_key":64},"RHSA-2021:3252",{"_key":66},"RHSA-2021:4139",{"_key":68},"RHSA-2021:4150",{"_key":70},"RHSA-2021:4151",{"_key":72},"MGASA-2021-0218",{"_key":74},"MGASA-2021-0245",{"_key":76},"USN-4897-1",{"_key":78},"USN-4897-2",{"_key":80},"DEBIAN-CVE-2021-27291",{"_key":82},"RHSA-2021:0781",{"_key":84},"UBUNTU-CVE-2021-27291",[],[87,88,89,90,91,92,93,94,95],{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":72},{"_key":74},"2021-03-17T12:31:15.000Z","2024-08-03T20:48:16.368Z","Modified",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":100,"epss_score":101,"severity":102,"severity_score":103,"severity_version":104,"severity_source":105,"severity_vector":106,"severity_status":98},"low",0.034,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[108,117,123,129,136,140,144,149,153,157,161,166,170,174,178,182,186],{"url":29,"sources":109,"tags":112},[110,105,111],"cve.org","osv_pypi",[113,114,115,116],"X Refsource MISC","Exploit","Third Party Advisory","WEB",{"url":118,"sources":119,"tags":120},"https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14",[110,105,111],[113,121,115,116,122],"Patch","FIX",{"url":124,"sources":125,"tags":126},"https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html",[110,105,111],[127,128,115,116],"Mailing List","X Refsource MLIST",{"url":130,"sources":131,"tags":132},"https://www.debian.org/security/2021/dsa-4878",[110,105,111],[133,134,115,116,135],"Vendor Advisory","X Refsource DEBIAN","Advisory",{"url":137,"sources":138,"tags":139},"https://www.debian.org/security/2021/dsa-4889",[110,105,111],[133,134,115,116,135],{"url":141,"sources":142,"tags":143},"https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html",[110,105,111],[127,128,115,116],{"url":145,"sources":146,"tags":147},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/",[110,105],[133,148],"X Refsource FEDORA",{"url":150,"sources":151,"tags":152},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/",[110,105],[133,148],{"url":154,"sources":155,"tags":156},"https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html",[110,105,111],[127,128,115,116],{"url":158,"sources":159,"tags":160},"https://nvd.nist.gov/vuln/detail/CVE-2021-27291",[111],[135],{"url":162,"sources":163,"tags":164},"https://github.com/pygments/pygments",[111],[165],"PACKAGE",{"url":167,"sources":168,"tags":169},"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2021-141.yaml",[111],[116],{"url":171,"sources":172,"tags":173},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55",[111],[116],{"url":175,"sources":176,"tags":177},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ",[111],[116],{"url":179,"sources":180,"tags":181},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/",[111],[116],{"url":183,"sources":184,"tags":185},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/",[111],[116],{"url":187,"sources":188,"tags":189},"https://github.com/advisories/GHSA-pq64-v7f5-gqh8",[111],[135],[],{"date":192,"score":101,"percentile":193},"2026-06-04",0.87634,[195,199,202,205,208,211,214,217,219,222,225,228,231,234,237,241,244,247,250,253,255,257,260,262,264,267,270,273,276,279,281,284,287,290,292,295,297,300,303,306,309,312,315,318,320,323,326,329,332,334,337,340,343,346,350,353,356,359,362,365,368,371,374,376,378,380,383,385,388,391,394,396,398,400,403,406,409,412,414,416,419,422,425,428,430,432,435,438,441,443],{"date":196,"score":197,"percentile":198},"2025-11-04",0.02751,0.85466,{"date":200,"score":197,"percentile":201},"2025-11-05",0.8547,{"date":203,"score":197,"percentile":204},"2025-11-06",0.85472,{"date":206,"score":197,"percentile":207},"2025-11-07",0.85482,{"date":209,"score":197,"percentile":210},"2025-11-08",0.85485,{"date":212,"score":197,"percentile":213},"2025-11-09",0.85481,{"date":215,"score":197,"percentile":216},"2025-11-10",0.85477,{"date":218,"score":197,"percentile":213},"2025-11-11",{"date":220,"score":197,"percentile":221},"2025-11-12",0.85492,{"date":223,"score":197,"percentile":224},"2025-11-13",0.85499,{"date":226,"score":197,"percentile":227},"2025-11-14",0.85501,{"date":229,"score":197,"percentile":230},"2025-11-15",0.85494,{"date":232,"score":197,"percentile":233},"2025-11-16",0.85493,{"date":235,"score":197,"percentile":236},"2025-11-17",0.85478,{"date":238,"score":239,"percentile":240},"2025-11-18",0.06674,0.90304,{"date":242,"score":239,"percentile":243},"2025-11-19",0.9031,{"date":245,"score":239,"percentile":246},"2025-11-20",0.90313,{"date":248,"score":197,"percentile":249},"2025-11-21",0.85491,{"date":251,"score":197,"percentile":252},"2025-11-22",0.85489,{"date":254,"score":197,"percentile":213},"2025-11-23",{"date":256,"score":197,"percentile":207},"2025-11-24",{"date":258,"score":197,"percentile":259},"2025-11-25",0.85479,{"date":261,"score":197,"percentile":213},"2025-11-26",{"date":263,"score":197,"percentile":213},"2025-11-27",{"date":265,"score":197,"percentile":266},"2025-11-28",0.85462,{"date":268,"score":197,"percentile":269},"2025-11-29",0.85508,{"date":271,"score":197,"percentile":272},"2025-11-30",0.85507,{"date":274,"score":197,"percentile":275},"2025-12-01",0.85565,{"date":277,"score":197,"percentile":278},"2025-12-02",0.85568,{"date":280,"score":197,"percentile":278},"2025-12-03",{"date":282,"score":197,"percentile":283},"2025-12-04",0.85505,{"date":285,"score":197,"percentile":286},"2025-12-05",0.85509,{"date":288,"score":197,"percentile":289},"2025-12-06",0.85506,{"date":291,"score":197,"percentile":230},"2025-12-07",{"date":293,"score":197,"percentile":294},"2025-12-08",0.85495,{"date":296,"score":197,"percentile":227},"2025-12-09",{"date":298,"score":197,"percentile":299},"2025-12-10",0.85524,{"date":301,"score":197,"percentile":302},"2025-12-11",0.85529,{"date":304,"score":197,"percentile":305},"2025-12-12",0.85533,{"date":307,"score":197,"percentile":308},"2025-12-13",0.85528,{"date":310,"score":197,"percentile":311},"2025-12-14",0.85523,{"date":313,"score":197,"percentile":314},"2025-12-15",0.85518,{"date":316,"score":197,"percentile":317},"2025-12-16",0.85525,{"date":319,"score":197,"percentile":302},"2025-12-17",{"date":321,"score":197,"percentile":322},"2025-12-18",0.85536,{"date":324,"score":197,"percentile":325},"2025-12-19",0.8554,{"date":327,"score":197,"percentile":328},"2025-12-20",0.85535,{"date":330,"score":197,"percentile":331},"2025-12-21",0.85537,{"date":333,"score":197,"percentile":322},"2025-12-22",{"date":335,"score":197,"percentile":336},"2025-12-23",0.85542,{"date":338,"score":197,"percentile":339},"2025-12-24",0.85547,{"date":341,"score":197,"percentile":342},"2025-12-25",0.85563,{"date":344,"score":197,"percentile":345},"2025-12-26",0.85564,{"date":347,"score":348,"percentile":349},"2025-12-27",0.02326,0.84445,{"date":351,"score":197,"percentile":352},"2025-12-28",0.85557,{"date":354,"score":197,"percentile":355},"2025-12-29",0.85556,{"date":357,"score":197,"percentile":358},"2025-12-30",0.85562,{"date":360,"score":197,"percentile":361},"2025-12-31",0.85572,{"date":363,"score":197,"percentile":364},"2026-01-01",0.8563,{"date":366,"score":197,"percentile":367},"2026-01-02",0.85633,{"date":369,"score":197,"percentile":370},"2026-01-03",0.85631,{"date":372,"score":197,"percentile":373},"2026-01-04",0.85573,{"date":375,"score":197,"percentile":278},"2026-01-05",{"date":377,"score":197,"percentile":361},"2026-01-06",{"date":379,"score":197,"percentile":361},"2026-01-07",{"date":381,"score":197,"percentile":382},"2026-01-08",0.85582,{"date":384,"score":197,"percentile":382},"2026-01-09",{"date":386,"score":197,"percentile":387},"2026-01-10",0.85579,{"date":389,"score":197,"percentile":390},"2026-01-11",0.85574,{"date":392,"score":197,"percentile":393},"2026-01-12",0.85569,{"date":395,"score":197,"percentile":345},"2026-01-13",{"date":397,"score":197,"percentile":382},"2026-01-14",{"date":399,"score":197,"percentile":382},"2026-01-15",{"date":401,"score":197,"percentile":402},"2026-01-16",0.85589,{"date":404,"score":197,"percentile":405},"2026-01-17",0.85593,{"date":407,"score":197,"percentile":408},"2026-01-18",0.8559,{"date":410,"score":197,"percentile":411},"2026-01-19",0.85587,{"date":413,"score":197,"percentile":402},"2026-01-20",{"date":415,"score":197,"percentile":405},"2026-01-21",{"date":417,"score":197,"percentile":418},"2026-01-22",0.85597,{"date":420,"score":197,"percentile":421},"2026-01-23",0.8561,{"date":423,"score":197,"percentile":424},"2026-01-24",0.85619,{"date":426,"score":197,"percentile":427},"2026-01-25",0.85615,{"date":429,"score":197,"percentile":427},"2026-01-26",{"date":431,"score":197,"percentile":424},"2026-01-27",{"date":433,"score":197,"percentile":434},"2026-01-28",0.85624,{"date":436,"score":197,"percentile":437},"2026-01-29",0.85627,{"date":439,"score":197,"percentile":440},"2026-01-30",0.85628,{"date":442,"score":197,"percentile":364},"2026-01-31",{"date":444,"score":197,"percentile":445},"2026-02-01",0.85695,[447,456],{"source":105,"cvss_v2_0":448,"cvss_v3_0":9,"cvss_v3_1":453,"cvss_v4_0":9},{"baseScore":449,"baseSeverity":9,"vectorString":450,"impactScore":451,"exploitabilityScore":452},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":103,"baseSeverity":454,"vectorString":106,"impactScore":455,"exploitabilityScore":452},"HIGH",6,{"source":111,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":457,"cvss_v4_0":458},{"baseScore":103,"baseSeverity":9,"vectorString":106,"impactScore":455,"exploitabilityScore":452},{"baseScore":459,"baseSeverity":9,"vectorString":460,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[462,473,481,492],{"ecosystem":9,"name":463,"vendor":464,"product":465,"cpe_part":466,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":467},"debian linux","debian","debian_linux","o",[468,471],{"version":469,"is_range":32,"range_type":470,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":472,"is_range":32,"range_type":470,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":474,"vendor":475,"product":474,"cpe_part":466,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":476},"fedora","fedoraproject",[477,479],{"version":478,"is_range":32,"range_type":470,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"32",{"version":480,"is_range":32,"range_type":470,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"ecosystem":9,"name":482,"vendor":482,"product":482,"cpe_part":483,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":484},"pygments","a",[485],{"version":486,"is_range":487,"range_type":470,"version_start":488,"version_start_type":489,"version_end":490,"version_end_type":491,"fixed_in":9},"gte1.1_lt2.7.4",true,"1.1","including","2.7.4","excluding",{"ecosystem":493,"name":482,"vendor":493,"product":482,"cpe_part":9,"purl_type":494,"purl_namespace":9,"purl_name":482,"source":9,"versions":495},"PyPI","pypi",[496,500],{"version":497,"is_range":487,"range_type":498,"version_start":9,"version_start_type":9,"version_end":499,"version_end_type":491,"fixed_in":9},"lt2e7e8c4a7b318f4032493773732754e418279a14","ecosystem","2e7e8c4a7b318f4032493773732754e418279a14",{"version":501,"is_range":487,"range_type":498,"version_start":488,"version_start_type":489,"version_end":490,"version_end_type":491,"fixed_in":9},"gte1_1_lt2_7_4"]