diff --git a/pkgs/development/python-modules/Pygments/2_5.nix b/pkgs/development/python-modules/Pygments/2_5.nix
index a0c40550c9a..aa59c370d2e 100644
--- a/pkgs/development/python-modules/Pygments/2_5.nix
+++ b/pkgs/development/python-modules/Pygments/2_5.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchPypi
+, fetchpatch
 , docutils
 }:
 
@@ -13,6 +14,15 @@ buildPythonPackage rec {
     sha256 = "98c8aa5a9f778fcd1026a17361ddaf7330d1b7c62ae97c3bb0ae73e0b9b6b0fe";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-27291.patch";
+      url = "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14.patch";
+      sha256 = "0ap7jgkmvkkzijabsgnfrwl376cjsxa4jmzvqysrkwpjq3q4rxpa";
+      excludes = ["CHANGES"];
+    })
+  ];
+
   propagatedBuildInputs = [ docutils ];
 
   # Circular dependency with sphinx