[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-40896":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":78,"duplicate_of":9,"upstream":81,"downstream":82,"duplicates":95,"related":96,"reserved_at":9,"published_at":98,"modified_at":99,"state":100,"summary":101,"references_raw":109,"kevs":187,"epss":188,"epss_history":191,"metrics":457,"affected":468},"CVE-2022-40896","A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-434","Unrestricted Upload of File with Dangerous Type","The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[24],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.010","Services File Permissions Weakness",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,58,63],{"id":45,"name":46,"tactic":47},"D3-SWI","Software Inventory",{"name":48},"Model",{"id":50,"name":51,"tactic":52},"D3-AVE","Asset Vulnerability Enumeration",{"name":48},{"id":54,"name":55,"tactic":56},"D3-SBV","Service Binary Verification",{"name":57},"Detect",{"id":59,"name":60,"tactic":61},"D3-SU","Software Update",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-RS","Restore Software",{"name":67},"Restore",[69],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":9,"platforms":77,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_175ECC10E31EAB40","Exploit Reference (pyup.io)","reference","https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/","unknown",0.2,false,[],[79,80],"GHSA-mrwq-x4v8-fh7p","PYSEC-2023-117",[],[83,85,87,89,91,93],{"_key":84},"UBUNTU-CVE-2022-40896",{"_key":86},"USN-7128-1",{"_key":88},"MGASA-2024-0107",{"_key":90},"DEBIAN-CVE-2022-40896",{"_key":92},"RHSA-2024:1057",{"_key":94},"RHSA-2024:2010",[],[97],{"_key":88},"2023-07-19T00:00:00.000Z","2024-11-27T14:28:58.875Z","Modified",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":102,"epss_score":103,"severity":104,"severity_score":105,"severity_version":106,"severity_source":107,"severity_vector":108,"severity_status":100},"low",0.00069,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",[110,118,124,129,134,138,142,146,151,155,159,163,167,171,175,179,183],{"url":111,"sources":112,"tags":115},"https://pypi.org/project/Pygments/",[113,107,114],"cve.org","osv_pypi",[116,117],"Product","PACKAGE",{"url":119,"sources":120,"tags":121},"https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61",[113,107,114],[122,123],"Third Party Advisory","WEB",{"url":73,"sources":125,"tags":126},[113,107,114],[127,128,122,123],"Exploit","Patch",{"url":130,"sources":131,"tags":132},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/",[113,107],[133],"Vendor Advisory",{"url":135,"sources":136,"tags":137},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/",[113,107],[133],{"url":139,"sources":140,"tags":141},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3/",[113,107],[],{"url":143,"sources":144,"tags":145},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO/",[113,107],[],{"url":147,"sources":148,"tags":149},"https://nvd.nist.gov/vuln/detail/CVE-2022-40896",[114],[150],"Advisory",{"url":152,"sources":153,"tags":154},"https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194",[114],[123],{"url":156,"sources":157,"tags":158},"https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04",[114],[123],{"url":160,"sources":161,"tags":162},"https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52",[114],[123],{"url":164,"sources":165,"tags":166},"https://github.com/pygments/pygments",[114],[117],{"url":168,"sources":169,"tags":170},"https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2023-117.yaml",[114],[123],{"url":172,"sources":173,"tags":174},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZGMXALE3HSP4OXC7UUWIKX3OXKZDTY3",[114],[123],{"url":176,"sources":177,"tags":178},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZO4BQCIY2S2KZYHERQMKURB7AHXDBO",[114],[123],{"url":180,"sources":181,"tags":182},"https://pypi.org/project/Pygments",[114],[123],{"url":184,"sources":185,"tags":186},"https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2",[114],[123],[],{"date":189,"score":103,"percentile":190},"2026-06-04",0.21293,[192,196,199,202,205,208,211,214,217,220,223,226,229,232,235,239,242,245,248,251,253,256,259,262,265,268,271,274,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,386,389,392,395,398,401,404,407,409,412,415,418,421,424,426,429,431,434,437,440,443,445,448,451,454],{"date":193,"score":194,"percentile":195},"2025-11-04",0.00053,0.16394,{"date":197,"score":194,"percentile":198},"2025-11-05",0.16422,{"date":200,"score":194,"percentile":201},"2025-11-06",0.1651,{"date":203,"score":194,"percentile":204},"2025-11-07",0.16525,{"date":206,"score":194,"percentile":207},"2025-11-08",0.16534,{"date":209,"score":194,"percentile":210},"2025-11-09",0.16504,{"date":212,"score":194,"percentile":213},"2025-11-10",0.16461,{"date":215,"score":194,"percentile":216},"2025-11-11",0.16483,{"date":218,"score":194,"percentile":219},"2025-11-12",0.16518,{"date":221,"score":194,"percentile":222},"2025-11-13",0.16547,{"date":224,"score":194,"percentile":225},"2025-11-14",0.16557,{"date":227,"score":194,"percentile":228},"2025-11-15",0.16524,{"date":230,"score":194,"percentile":231},"2025-11-16",0.16492,{"date":233,"score":194,"percentile":234},"2025-11-17",0.16451,{"date":236,"score":237,"percentile":238},"2025-11-18",0.00108,0.24744,{"date":240,"score":237,"percentile":241},"2025-11-19",0.2477,{"date":243,"score":237,"percentile":244},"2025-11-20",0.2478,{"date":246,"score":194,"percentile":247},"2025-11-21",0.16466,{"date":249,"score":194,"percentile":250},"2025-11-22",0.16474,{"date":252,"score":194,"percentile":234},"2025-11-23",{"date":254,"score":194,"percentile":255},"2025-11-24",0.16415,{"date":257,"score":194,"percentile":258},"2025-11-25",0.16405,{"date":260,"score":194,"percentile":261},"2025-11-26",0.16391,{"date":263,"score":194,"percentile":264},"2025-11-27",0.16401,{"date":266,"score":194,"percentile":267},"2025-11-28",0.16388,{"date":269,"score":194,"percentile":270},"2025-11-29",0.16374,{"date":272,"score":194,"percentile":273},"2025-11-30",0.16378,{"date":275,"score":194,"percentile":255},"2025-12-01",{"date":277,"score":194,"percentile":278},"2025-12-02",0.16428,{"date":280,"score":194,"percentile":281},"2025-12-03",0.16441,{"date":283,"score":194,"percentile":284},"2025-12-04",0.16407,{"date":286,"score":194,"percentile":287},"2025-12-05",0.16464,{"date":289,"score":194,"percentile":290},"2025-12-06",0.16473,{"date":292,"score":194,"percentile":293},"2025-12-07",0.16454,{"date":295,"score":194,"percentile":296},"2025-12-08",0.16463,{"date":298,"score":194,"percentile":299},"2025-12-09",0.16519,{"date":301,"score":194,"percentile":302},"2025-12-10",0.1657,{"date":304,"score":194,"percentile":305},"2025-12-11",0.16616,{"date":307,"score":194,"percentile":308},"2025-12-12",0.16661,{"date":310,"score":194,"percentile":311},"2025-12-13",0.16657,{"date":313,"score":194,"percentile":314},"2025-12-14",0.16615,{"date":316,"score":194,"percentile":317},"2025-12-15",0.16582,{"date":319,"score":194,"percentile":320},"2025-12-16",0.16608,{"date":322,"score":194,"percentile":323},"2025-12-17",0.16701,{"date":325,"score":194,"percentile":326},"2025-12-18",0.1676,{"date":328,"score":194,"percentile":329},"2025-12-19",0.16809,{"date":331,"score":194,"percentile":332},"2025-12-20",0.16788,{"date":334,"score":194,"percentile":335},"2025-12-21",0.16742,{"date":337,"score":194,"percentile":338},"2025-12-22",0.1668,{"date":340,"score":194,"percentile":341},"2025-12-23",0.16679,{"date":343,"score":194,"percentile":344},"2025-12-24",0.16698,{"date":346,"score":194,"percentile":347},"2025-12-25",0.16767,{"date":349,"score":194,"percentile":350},"2025-12-26",0.16758,{"date":352,"score":194,"percentile":353},"2025-12-27",0.16761,{"date":355,"score":194,"percentile":356},"2025-12-28",0.16723,{"date":358,"score":194,"percentile":359},"2025-12-29",0.16689,{"date":361,"score":194,"percentile":362},"2025-12-30",0.16702,{"date":364,"score":194,"percentile":365},"2025-12-31",0.16775,{"date":367,"score":194,"percentile":368},"2026-01-01",0.16878,{"date":370,"score":194,"percentile":371},"2026-01-02",0.16866,{"date":373,"score":194,"percentile":374},"2026-01-03",0.16848,{"date":376,"score":194,"percentile":377},"2026-01-04",0.16753,{"date":379,"score":194,"percentile":380},"2026-01-05",0.16714,{"date":382,"score":194,"percentile":383},"2026-01-06",0.16729,{"date":385,"score":194,"percentile":347},"2026-01-07",{"date":387,"score":194,"percentile":388},"2026-01-08",0.16825,{"date":390,"score":194,"percentile":391},"2026-01-09",0.16832,{"date":393,"score":194,"percentile":394},"2026-01-10",0.16849,{"date":396,"score":194,"percentile":397},"2026-01-11",0.16815,{"date":399,"score":194,"percentile":400},"2026-01-12",0.16776,{"date":402,"score":194,"percentile":403},"2026-01-13",0.16759,{"date":405,"score":194,"percentile":406},"2026-01-14",0.16817,{"date":408,"score":194,"percentile":406},"2026-01-15",{"date":410,"score":194,"percentile":411},"2026-01-16",0.16862,{"date":413,"score":194,"percentile":414},"2026-01-17",0.1687,{"date":416,"score":194,"percentile":417},"2026-01-18",0.16812,{"date":419,"score":194,"percentile":420},"2026-01-19",0.16764,{"date":422,"score":194,"percentile":423},"2026-01-20",0.16735,{"date":425,"score":194,"percentile":380},"2026-01-21",{"date":427,"score":194,"percentile":428},"2026-01-22",0.16651,{"date":430,"score":194,"percentile":383},"2026-01-23",{"date":432,"score":194,"percentile":433},"2026-01-24",0.16755,{"date":435,"score":194,"percentile":436},"2026-01-25",0.16686,{"date":438,"score":194,"percentile":439},"2026-01-26",0.16584,{"date":441,"score":194,"percentile":442},"2026-01-27",0.16574,{"date":444,"score":194,"percentile":439},"2026-01-28",{"date":446,"score":194,"percentile":447},"2026-01-29",0.16556,{"date":449,"score":194,"percentile":450},"2026-01-30",0.16565,{"date":452,"score":194,"percentile":453},"2026-01-31",0.1658,{"date":455,"score":194,"percentile":456},"2026-02-01",0.166,[458,463],{"source":107,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":459,"cvss_v4_0":9},{"baseScore":105,"baseSeverity":460,"vectorString":108,"impactScore":461,"exploitabilityScore":462},"MEDIUM",6,4.6,{"source":114,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":464,"cvss_v4_0":465},{"baseScore":105,"baseSeverity":9,"vectorString":108,"impactScore":461,"exploitabilityScore":462},{"baseScore":466,"baseSeverity":9,"vectorString":467,"impactScore":9,"exploitabilityScore":9},6.8,"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[469,479],{"ecosystem":9,"name":470,"vendor":470,"product":470,"cpe_part":471,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"pygments","a",[473],{"version":474,"is_range":475,"range_type":476,"version_start":9,"version_start_type":9,"version_end":477,"version_end_type":478,"fixed_in":9},"lte2.15.0",true,"cpe","2.15.0","including",{"ecosystem":480,"name":470,"vendor":480,"product":470,"cpe_part":9,"purl_type":481,"purl_namespace":9,"purl_name":470,"source":9,"versions":482},"PyPI","pypi",[483,487],{"version":484,"is_range":475,"range_type":485,"version_start":9,"version_start_type":9,"version_end":477,"version_end_type":486,"fixed_in":9},"lt2_15_0","ecosystem","excluding",{"version":488,"is_range":475,"range_type":485,"version_start":9,"version_start_type":9,"version_end":489,"version_end_type":486,"fixed_in":9},"lt2_15_1","2.15.1"]