The following pattern is inefficient, it may lead to a Regular expression Denial of Service vulnerability:
r'\{%-?\s*macro \w+\(.*\)\s*-?%\}\s+.*\s+\{%-?\s*endmacro\s*-?%\}'
https://github.com/pygments/pygments/blob/master/pygments/lexers/templates.py#L2295

This was originally reported privately on the security channel, but was asked to open an issue here