Nltk

Nltk

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.16%
  • Veröffentlicht 04.07.2026 00:58:58
  • Zuletzt bearbeitet 08.07.2026 15:01:20

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classe...

Exploit
  • EPSS 0.51%
  • Veröffentlicht 30.06.2026 01:16:29
  • Zuletzt bearbeitet 30.06.2026 20:10:25

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences but fails to account for percent-encoded traversal se...

Exploit
  • EPSS 0.38%
  • Veröffentlicht 22.06.2026 17:25:05
  • Zuletzt bearbeitet 30.06.2026 03:21:02

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load() in NLTK is vulnerable to path traversal via U...

Exploit
  • EPSS 0.5%
  • Veröffentlicht 20.03.2026 22:47:10
  • Zuletzt bearbeitet 10.07.2026 12:16:40

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and...

Exploit
  • EPSS 0.88%
  • Veröffentlicht 20.03.2026 22:45:40
  • Zuletzt bearbeitet 10.07.2026 12:16:40

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote s...

Exploit
  • EPSS 0.33%
  • Veröffentlicht 20.03.2026 22:43:39
  • Zuletzt bearbeitet 23.03.2026 19:14:50

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site...

Exploit
  • EPSS 0.43%
  • Veröffentlicht 09.03.2026 19:19:09
  • Zuletzt bearbeitet 30.06.2026 03:17:03

A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabl...

Exploit
  • EPSS 0.81%
  • Veröffentlicht 05.03.2026 20:48:05
  • Zuletzt bearbeitet 21.04.2026 14:56:46

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or rep...

Exploit
  • EPSS 0.92%
  • Veröffentlicht 04.03.2026 18:25:30
  • Zuletzt bearbeitet 30.06.2026 03:17:03

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properl...

Exploit
  • EPSS 0.79%
  • Veröffentlicht 18.02.2026 17:45:17
  • Zuletzt bearbeitet 30.06.2026 03:16:43

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attacke...