Search for packages
| purl | pkg:pypi/nltk@3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1n1s-amsg-83aa
Aliases: CVE-2024-39705 GHSA-cgvx-9447-vcch PYSEC-2024-167 |
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt. |
Affected by 7 other vulnerabilities. |
|
VCID-48uj-cw5e-mucw
Aliases: CVE-2021-3828 GHSA-2ww3-fxvq-293j PYSEC-2021-356 |
nltk is vulnerable to Inefficient Regular Expression Complexity |
Affected by 10 other vulnerabilities. |
|
VCID-5skj-ygwz-73e6
Aliases: CVE-2026-33231 GHSA-jm6w-m3j8-898g |
nltk: NLTK: Denial of Service via unauthenticated remote shutdown |
Affected by 0 other vulnerabilities. |
|
VCID-924g-fe71-9uhp
Aliases: CVE-2026-33236 GHSA-469j-vmhf-r6v7 |
nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files |
Affected by 3 other vulnerabilities. |
|
VCID-94me-p193-vfb8
Aliases: CVE-2025-14009 GHSA-7p94-766c-hgjp PYSEC-2026-96 |
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms. |
Affected by 3 other vulnerabilities. |
|
VCID-ajve-q4uj-qffv
Aliases: CVE-2021-3842 GHSA-rqjh-jp2r-59cj PYSEC-2022-5 |
nltk is vulnerable to Inefficient Regular Expression Complexity |
Affected by 8 other vulnerabilities. |
|
VCID-c8bp-rz92-53g8
Aliases: GHSA-rf74-v2fm-23pw |
Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS ### Summary `JSONTaggedDecoder.decode_obj()` in `nltk/jsontags.py` calls itself recursively without any depth limit. A deeply nested JSON structure exceeding `sys.getrecursionlimit()` (default: 1000) will raise an unhandled `RecursionError`, crashing the Python process. ### Affected code File: `nltk/jsontags.py`, lines 47–52 ```python @classmethod def decode_obj(cls, obj): if isinstance(obj, dict): obj = {key: cls.decode_obj(val) for (key, val) in obj.items()} elif isinstance(obj, list): obj = list(cls.decode_obj(val) for val in obj) ``` ### Proof of Concept ```python import sys, json from nltk.jsontags import JSONTaggedDecoder depth = sys.getrecursionlimit() + 50 # e.g. 1050 payload = '{"x":' * depth + "null" + "}" * depth # Raises RecursionError, crashing the process json.loads(payload, cls=JSONTaggedDecoder) ``` ### Impact Any code path that passes externally-supplied JSON to `JSONTaggedDecoder` is vulnerable to denial of service. The severity depends on whether such a path exists in the calling code (e.g. `nltk/data.py`). ### Suggested Fix Add a depth parameter with a hard limit: ```python @classmethod def decode_obj(cls, obj, _depth=0): if _depth > 100: raise ValueError("JSON nesting too deep") if isinstance(obj, dict): obj = {key: cls.decode_obj(val, _depth + 1) for (key, val) in obj.items()} elif isinstance(obj, list): obj = list(cls.decode_obj(val, _depth + 1) for val in obj) ``` | There are no reported fixed by versions. |
|
VCID-esfz-42mm-x3ad
Aliases: CVE-2019-14751 GHSA-mr7p-25v2-35wr PYSEC-2019-106 |
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. |
Affected by 11 other vulnerabilities. |
|
VCID-g2jr-e9d2-qqgz
Aliases: CVE-2026-33230 GHSA-gfwx-w7gr-fvh7 |
nltk: NLTK: Script execution via reflected cross-site scripting in WordNet Browser |
Affected by 0 other vulnerabilities. |
|
VCID-muw6-dqdh-u3fb
Aliases: CVE-2021-43854 GHSA-f8m6-h2c7-8h9x PYSEC-2021-859 |
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit. |
Affected by 10 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-rkj9-d4q7-aqhv
Aliases: CVE-2026-0846 GHSA-h8wq-7xc4-p3qx PYSEC-2026-97 |
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input. |
Affected by 3 other vulnerabilities. |
|
VCID-un8t-2sde-ekc3
Aliases: CVE-2026-0847 GHSA-68j8-pq59-fqgm PYSEC-2026-98 |
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||