nltk
PyPI13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting nltkpage 1 of 1
- CVE-2019-14751HIGHCVSS 7.5EG 7.5✓ Fixed in 3.4.52019-08-22
vulnerable: 2.0.1rc2-git ... 3.4.4 (45 versions)
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
- CVE-2021-3828HIGHCVSS 7.5EG 7.5✓ Fixed in 3.6.42021-09-27
vulnerable: 0.8 ... 3.6.3 (52 versions)
nltk is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3842HIGHCVSS 7.5EG 7.5✓ Fixed in 3.6.62022-01-04
vulnerable: 0.8 ... 3.6.5 (54 versions)
nltk is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-43854HIGHCVSS 7.5EG 7.5✓ Fixed in 3.6.52021-12-23
vulnerable: 0.8 ... 3.6.4 (53 versions)
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of s…
- CVE-2024-39705CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.92024-06-27
vulnerable: 0.8 ... 3.9b1 (60 versions)
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.
- CVE-2025-14009HIGHCVSS 8.8EG 10.0✓ Fixed in 3.9.32026-02-18
vulnerable: 0.8 ... 3.9b1 (63 versions)
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This all…
- CVE-2026-0846HIGHCVSS 7.5EG 7.52026-03-09
vulnerable: 0.8 ... 3.9b1 (63 versions)
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitiza…
- CVE-2026-0847HIGHCVSS 7.5EG 8.6✓ Fixed in 3.9.32026-03-04
vulnerable: 0.8 ... 3.9b1 (63 versions)
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail…
- CVE-2026-0848CRITICALCVSS 10.0EG 10.0✓ Fixed in 3.9.32026-03-05
vulnerable: 0.8 ... 3.9b1 (63 versions)
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can su…
- CVE-2026-12243HIGHCVSS 7.5EG 7.52026-06-30
vulnerable: 0.8 ... 3.9b1 (65 versions)
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences but fails to account for percent-encoded t…
- CVE-2026-33231HIGHCVSS 7.5EG 7.5✓ Fixed in 3.9.42026-03-20
vulnerable: 0.8 ... 3.9b1 (64 versions)
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticat…
- CVE-2026-33236HIGHCVSS 8.1EG 8.12026-03-20
vulnerable: 0.8 ... 3.9b1 (63 versions)
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `…
- CVE-2026-54293HIGHCVSS 7.5EG 7.52026-06-16
vulnerable: 0.8 ... 3.9b1 (65 versions)
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load() in NLTK is vulnerable to path trav…
Check whether nltk is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for nltk CVEs against the assets you own.
Start Free Scan →