Nltk
by Nltk
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0848 | Nltk / Nltk | Critical | 0.65 | 10.0 | 0.01 | — | Mar 5, 2026 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling… |
| CVE-2024-39705 | Nltk / Nltk | Critical | 0.57 | 9.8 | 0.01 | — | Jun 27, 2024 | NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt. |
| CVE-2026-12243 | Nltk / Nltk | Important | 0.49 | 7.5 | — | — | Jun 30, 2026 | nltk: NLTK: Information disclosure via path traversal vulnerability |
| CVE-2026-54293 | Nltk / Nltk | High | 0.45 | — | 0.00 | — | Jun 16, 2026 | nltk.data.load() in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname() decodes the %xx sequences (a classic decode-after-check /… |
| CVE-2026-0846 | Nltk / Nltk | High | 0.42 | 7.5 | 0.00 | — | Mar 9, 2026 | A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access… |
| CVE-2026-0847 | Nltk / Nltk | High | 0.42 | 7.5 | 0.01 | — | Mar 4, 2026 | A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file… |
| CVE-2026-12199 | Nltk / Nltk | — | 0.00 | — | 0.00 | — | Jun 17, 2026 | A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request… |
| CVE-2026-33236 | Nltk / Nltk | — | 0.00 | — | 0.00 | — | Mar 20, 2026 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when… |
| CVE-2026-33231 | Nltk / Nltk | — | 0.00 | — | 0.01 | — | Mar 20, 2026 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet… |
| CVE-2026-33230 | Nltk / Nltk | — | 0.00 | — | 0.00 | — | Mar 20, 2026 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the… |
| CVE-2025-14009 | Nltk / Nltk | — | 0.00 | — | 0.01 | — | Feb 18, 2026 | A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip… |
| CVE-2021-3842 | Nltk / Nltk | — | 0.00 | — | 0.01 | — | Jan 4, 2022 | nltk is vulnerable to Inefficient Regular Expression Complexity |
| CVE-2021-43854 | Nltk / Nltk | — | 0.00 | — | 0.03 | — | Dec 23, 2021 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The… |
| CVE-2021-3828 | Nltk / Nltk | — | 0.00 | — | 0.02 | — | Sep 27, 2021 | nltk is vulnerable to Inefficient Regular Expression Complexity |