rpm package
opensuse/python-nltk&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-nltk&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33230 | — | | | < 3.9.4-1.1 | 3.9.4-1.1 | Mar 20, 2026 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the `looku |
| CVE-2026-0847 | Hig | 7.5 | | < 3.9.3-1.1 | 3.9.3-1.1 | Mar 4, 2026 | A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file pa |
| CVE-2025-14009 | — | | | < 3.9.1-3.1 | 3.9.1-3.1 | Feb 18, 2026 | A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip pack |
| CVE-2024-39705 | Cri | 9.8 | | < 3.8.1-2.1 | 3.8.1-2.1 | Jun 27, 2024 | NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt. |
| CVE-2021-3828 | — | | | < 3.7-1.1 | 3.7-1.1 | Sep 27, 2021 | nltk is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2019-14751 | — | | | < 3.5-1.10 | 3.5-1.10 | Aug 22, 2019 | NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. |