VYPR

apk package

chainguard/py3.11-nltk

pkg:apk/chainguard/py3.11-nltk

Vulnerabilities (5)

  • CVE-2026-33236Mar 20, 2026
    affected < 3.9.4-r0fixed 3.9.4-r0

    NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processi

  • CVE-2026-33231Mar 20, 2026
    affected < 3.9.4-r0fixed 3.9.4-r0

    NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet B

  • CVE-2026-33230Mar 20, 2026
    affected < 3.9.4-r0fixed 3.9.4-r0

    NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the `looku

  • CVE-2025-14009Feb 18, 2026
    affected < 3.9.3-r0fixed 3.9.3-r0

    A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip pack

  • CVE-2024-39705CriJun 27, 2024
    affected < 3.8.2-r0fixed 3.8.2-r0

    NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.