Debian Nltk vulnerabilities

12 known vulnerabilities affecting debian/nltk.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 7, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2026-0848 | CRITICAL | CVSS 10.0 | fixed in nltk 3.9.3-1 (forky) | 2026
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploite
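Pinning the archive before it is handed to the JVM, as an added example (not NLTK's code and not the upstream fix): `stage_verified_jar()` stands in for the step where a wrapper such as StanfordSegmenter locates a .jar and builds a `java` command line around it. The allowlist, file names and jar bytes are constructed for the demonstration. The copy-then-hash order is the point: hashing a file in a shared location and then launching `java` on that same path leaves a window in which it can be swapped.

```python
"""Verify a Java archive before a wrapper hands it to the JVM.

Added example, not NLTK's code: stage_verified_jar() stands in for the step
where a wrapper such as StanfordSegmenter locates a .jar and builds a java
command line around it. The allowlist, file names and jar contents below are
constructed for the demonstration (the placeholder bytes are not a real jar).
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


class UntrustedJar(RuntimeError):
    """The archive is missing from the allowlist or its digest does not match."""


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_verified_jar(path, trusted):
    """Copy the jar into a fresh private directory and check the copy's digest.

    The bytes that are hashed are the bytes the JVM will load, so a swap of the
    original after verification no longer matters.
    """
    src = Path(path)
    if src.is_symlink() or not src.is_file():
        raise UntrustedJar(f"{src} is not a regular file")
    expected = trusted.get(src.name)
    if expected is None:
        raise UntrustedJar(f"{src.name} is not on the allowlist")
    staging = Path(tempfile.mkdtemp(prefix="verified_jar_"))  # mkdtemp creates it mode 0o700
    staged = staging / src.name
    shutil.copyfile(src, staged)
    actual = sha256_file(staged)
    if actual != expected:
        staged.unlink()
        raise UntrustedJar(f"{src.name}: sha256 {actual} does not match pinned {expected}")
    return staged


def java_command(staged_jar, *args):
    """Argument list for subprocess.run(); a list, never a shell string."""
    return ["java", "-cp", str(staged_jar), *args]


def demo():
    """Constructed scenario: a vetted jar, then the same path overwritten by an attacker."""
    workdir = Path(tempfile.mkdtemp(prefix="jars_"))
    jar = workdir / "stanford-segmenter.jar"
    jar.write_bytes(b"PK\x03\x04 placeholder bytes standing in for the vetted archive")
    trusted = {jar.name: sha256_file(jar)}  # digest pinned at vetting time

    staged = stage_verified_jar(jar, trusted)
    # "ExampleMain" is a placeholder class name; the command is built, not run.
    vetted = java_command(staged, "ExampleMain")[2] == str(staged) and staged.is_file()

    jar.write_bytes(b"PK\x03\x04 attacker-supplied replacement")
    try:
        stage_verified_jar(jar, trusted)
        replaced = "accepted"
    except UntrustedJar:
        replaced = "refused"
    return {"vetted": vetted, "replaced": replaced}


if __name__ == "__main__":
    print(demo())
```

In a real deployment the pinned digests come from the upstream release's published checksums, and the staging directory should live on a filesystem the unprivileged NLTK process owns.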
CVE-2026-33231 | HIGH | CVSS 7.5 | 2026
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20
CVE-2026-33236 | HIGH | CVSS 8.1 | 2026
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` and `id` attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malic
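A check a downloader can run over the index before splicing its attributes into filesystem paths, as an added example (not NLTK's code): the `<package id=... subdir=... url=...>` element shape is an assumption that follows the general form of an NLTK index, and the sample index, with two hostile entries, is constructed.

```python
"""Validate a remote package index before using its attributes as paths.

Added example, not code from NLTK. It assumes an index whose <package>
elements carry id, subdir and url attributes (the general shape of an NLTK
index.xml; the exact schema is an assumption here) and uses a constructed
sample index with two hostile entries to exercise the checks.
"""
import posixpath
import re
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

# id and subdir are spliced into filesystem paths, so each must be exactly one
# plain path component: no separators, no dots-only names, no leading dot.
_SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")


class UnsafeIndexEntry(ValueError):
    """An index entry whose attributes could steer the unpack location outside the data root."""


def check_component(value, field):
    if not value or not _SAFE_COMPONENT.match(value):
        raise UnsafeIndexEntry(f"{field}={value!r} is not a single plain path component")
    return value


def target_dir(data_root, subdir, pkg_id):
    """Where the package would be unpacked; must stay strictly under data_root."""
    root = PurePosixPath(posixpath.normpath(str(data_root)))
    target = PurePosixPath(posixpath.normpath(str(root / subdir / pkg_id)))
    if root not in target.parents:  # belt and braces after the textual checks
        raise UnsafeIndexEntry(f"{target} escapes {root}")
    return target


def audit_index(xml_bytes, data_root):
    """Return (accepted, rejected): accepted maps package id to its unpack
    directory; rejected lists (raw id, reason) for entries failing a check."""
    accepted, rejected = {}, []
    for pkg in ET.fromstring(xml_bytes).iter("package"):
        raw_id, subdir, url = pkg.get("id", ""), pkg.get("subdir", ""), pkg.get("url", "")
        try:
            pkg_id = check_component(raw_id, "id")
            check_component(subdir, "subdir")
            if not url.startswith("https://"):
                raise UnsafeIndexEntry(f"url={url!r} is not https")
            accepted[pkg_id] = target_dir(data_root, subdir, pkg_id)
        except UnsafeIndexEntry as exc:
            rejected.append((raw_id, str(exc)))
    return accepted, rejected


# Constructed sample index: two ordinary entries plus two that try to move the
# unpack location outside the data directory, one via id and one via subdir.
SAMPLE_INDEX = b"""<?xml version="1.0"?>
<nltk_data>
  <packages>
    <package id="punkt_tab" subdir="tokenizers" url="https://example.invalid/punkt_tab.zip"/>
    <package id="wordnet" subdir="corpora" url="https://example.invalid/wordnet.zip"/>
    <package id="../../home/user/.ssh" subdir="corpora" url="https://example.invalid/x.zip"/>
    <package id="evil" subdir="../../../../tmp" url="https://example.invalid/evil.zip"/>
  </packages>
</nltk_data>
"""

if __name__ == "__main__":
    ok, bad = audit_index(SAMPLE_INDEX, "/srv/nltk_data")
    for pkg_id, path in ok.items():
        print("accept", pkg_id, "->", path)
    for raw_id, reason in bad:
        print("reject", raw_id, "->", reason)
```

Rejected entries are reported rather than silently skipped so that a poisoned index shows up in logs instead of simply yielding fewer packages.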
CVE-2026-0846 | HIGH | CVSS 8.6 | fixed in nltk 3.9.3-1 (forky) | 2026
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be ex
CVE-2026-0847 | HIGH | CVSS 8.6 | fixed in nltk 3.9.3-1 (forky) | 2026
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. Thi
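CVE-2026-0846 and CVE-2026-0847 describe the same defect: a caller-supplied name is opened relative to the process instead of being confined to the corpus. As an added example (not NLTK's code), `read_corpus_file()` below stands in for `filestring()` or a CorpusReader's file access; the corpus, the planted symlink and the file outside the root are constructed in a temporary directory.

```python
"""Confine a caller-supplied file name to a corpus root before opening it.

Added example, not NLTK's code: read_corpus_file() stands in for a function
such as nltk.util.filestring() or a CorpusReader's file access, and the corpus
it reads (one word list, one planted symlink, one file outside the root) is
constructed in a temporary directory for the demonstration.
"""
import tempfile
from pathlib import Path


class PathOutsideRoot(PermissionError):
    """The requested name does not resolve to a file inside the corpus root."""


def confine(root, user_path):
    """Return the real path of user_path under root, or raise.

    The check is made on the resolved path, not on the string: that is what
    defeats "..", absolute names and symlinks planted inside the corpus.
    """
    root = Path(root).resolve()
    requested = Path(user_path)
    if requested.is_absolute():
        raise PathOutsideRoot(f"absolute path refused: {user_path}")
    real = (root / requested).resolve()
    if root not in real.parents:
        raise PathOutsideRoot(f"{user_path} resolves to {real}, outside {root}")
    return real


def read_corpus_file(root, user_path, encoding="utf8"):
    with open(confine(root, user_path), encoding=encoding) as f:
        return f.read()


def build_demo_corpus():
    """Constructed corpus root, a secret file next to it, and a symlink to that secret."""
    root = Path(tempfile.mkdtemp(prefix="corpus_"))
    (root / "stopwords").mkdir()
    (root / "stopwords" / "english").write_text("a\nan\nthe\n", encoding="utf8")
    secret = root.parent / (root.name + "_secret.txt")
    secret.write_text("do-not-leak\n", encoding="utf8")
    (root / "stopwords" / "link").symlink_to(secret)
    return root, secret


def probe(root, secret):
    """Try the kinds of names an attacker would send; return name -> outcome."""
    attempts = [
        "stopwords/english",   # legitimate corpus file
        "../" + secret.name,   # relative traversal out of the root
        str(secret),           # absolute path to the secret
        "/etc/passwd",         # absolute path, well-known target
        "stopwords/link",      # symlink inside the root that points outside it
    ]
    outcome = {}
    for name in attempts:
        try:
            read_corpus_file(root, name)
            outcome[name] = "read"
        except PathOutsideRoot:
            outcome[name] = "blocked"
    return outcome


def demo():
    root, secret = build_demo_corpus()
    return probe(root, secret)


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{result:8} {name}")
```

Only the legitimate name is readable; the traversal, both absolute paths and the symlink are refused before `open()` is reached.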
CVE-2026-33230 | MEDIUM | CVSS 6.1 | 2026
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the `lookup_...` route. A crafted `lookup_` URL can inject arbitrary HTML/JavaScript into the respo
CVE-2025-14009 | CRITICAL | CVSS 10.0 | fixed in nltk 3.9.3-1 (forky) | 2025
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulne
CVE-2024-39705 | CRITICAL | CVSS 9.8 | fixed in nltk 3.9.1-1 (forky) | 2024
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.
Scope: local. Debian suites: bookworm: open; bullseye: open; forky: resolved (fixed in 3.9.1-1); sid: resolved (fixed in 3.9.1-1); trixie: resolved (fixed in 3.9.
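A generic mitigation for code that must still load pickles from a data directory, as an added example (not NLTK's code and not its fix for this CVE; the sound fix is a data-only format such as JSON): a restricted unpickler with a closed allowlist of globals. Both payloads are constructed, one benign tagger-like dict and one object whose `__reduce__` names `os.system`.

```python
"""Load a pickle only if every global it references is on an allowlist.

Added example of a general mitigation, not NLTK's fix for this CVE (the sound
fix is to stop shipping executable pickles and use a data-only format such as
JSON). Both payloads below are constructed: a benign tagger-like dict, and an
object whose __reduce__ asks the unpickler to call os.system on load.
"""
import io
import os
import pickle

# Globals a plain data payload may legitimately need; everything else is refused.
# Protocols 4+ encode set/frozenset with dedicated opcodes, so even these are
# rarely hit; the point is that the allowlist is closed, not that it is large.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class RestrictedUnpickler(pickle.Unpickler):
    """find_class() is the only hook through which a pickle can name code."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data):
    """Return ("ok", obj) or ("refused", reason); a refused payload is never executed,
    because the global lookup happens before the REDUCE opcode that would call it."""
    try:
        return "ok", restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return "refused", str(exc)


class HostilePayload:
    """Constructed: stock pickle.loads() on this would run the shell command."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


BENIGN = pickle.dumps({"weights": {"NN": [0.5, -1.25]}, "tags": ["NN", "VB"], "classes": {"NN", "VB"}})
HOSTILE = pickle.dumps(HostilePayload())

if __name__ == "__main__":
    print(try_load(BENIGN))
    print(try_load(HOSTILE))
```

The hostile pickle is refused at the point where it names `system` in the OS module, so the allowlist needs no knowledge of which dangerous functions exist; anything not explicitly permitted is denied.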
CVE-2021-3828 | HIGH | CVSS 7.5 | fixed in nltk 3.6.5-1 (bookworm) | 2021
nltk is vulnerable to Inefficient Regular Expression Complexity.
Scope: local. Debian suites: bookworm: resolved (fixed in 3.6.5-1); bullseye: open; forky: resolved (fixed in 3.6.5-1); sid: resolved (fixed in 3.6.5-1); trixie: resolved (fixed in 3.6.5-1)
CVE-2021-43854 | HIGH | CVSS 7.5 | fixed in nltk 3.6.7-1 (bookworm) | 2021
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this c
CVE-2021-3842 | HIGH | CVSS 7.5 | fixed in nltk 3.6.7-1 (bookworm) | 2021
nltk is vulnerable to Inefficient Regular Expression Complexity.
Scope: local. Debian suites: bookworm: resolved (fixed in 3.6.7-1); bullseye: open; forky: resolved (fixed in 3.6.7-1); sid: resolved (fixed in 3.6.7-1); trixie: resolved (fixed in 3.6.7-1)
CVE-2019-14751 | LOW | CVSS 7.5 | fixed in nltk 3.4.5-1 (bookworm) | 2019
(Severity is shown as LOW here and in the breakdown above, but the entry itself is labelled HIGH, which is the band a CVSS score of 7.5 falls in.)
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
Scope: local. Debian suites: bookworm: resolved (fixed in 3.4.5-1); bullseye: resolved (fixed in 3.4.5-1); forky: resolved (fixed in 3.4.5-1); sid: resolved (fixed in 3.4.5-1); trix
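CVE-2025-14009 and CVE-2019-14751 both come down to extracting whatever member names the archive supplies. As an added example (not NLTK's downloader code and not a patch to `_unzip_iter`), `safe_extract()` below maps each member onto a path under the destination and rejects anything that does not land there; the archive, with one ordinary member, one `../` traversal member and one absolute-path member, is constructed in memory.

```python
"""Unpack a downloaded data package without trusting the member names inside it.

Added example, not NLTK's downloader code (the advisories name _unzip_iter()
and zipfile.extractall(); safe_extract() below is a replacement pattern, not a
patch). The archive is constructed in memory with one ordinary member, one
"../" traversal member and one absolute-path member.
"""
import io
import stat
import tempfile
import zipfile
from pathlib import Path


class UnsafeZipMember(ValueError):
    """The member would be written outside the destination, or is a symlink."""


def safe_member_path(dest, name):
    """Map an archive member name onto a path under dest (already resolved), or raise."""
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        raise UnsafeZipMember(f"absolute member name: {name!r}")
    parts = [p for p in name.replace("\\", "/").split("/") if p not in ("", ".")]
    if ".." in parts or not parts:
        raise UnsafeZipMember(f"traversal or empty member name: {name!r}")
    target = dest.joinpath(*parts).resolve()
    if dest not in target.parents:  # belt and braces after the textual checks
        raise UnsafeZipMember(f"{name!r} resolves outside {dest}")
    return target


def safe_extract(zip_bytes, dest):
    """Extract member by member; return (written names, [(name, reason)] rejected)."""
    dest = Path(dest).resolve()
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                mode = info.external_attr >> 16  # Unix mode bits, if the creator set them
                if stat.S_ISLNK(mode):
                    raise UnsafeZipMember(f"symlink member: {info.filename!r}")
                target = safe_member_path(dest, info.filename)
            except UnsafeZipMember as exc:
                rejected.append((info.filename, str(exc)))
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest).as_posix())
    return written, rejected


def build_hostile_zip():
    """Constructed package: a plausible data file plus two escape attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("punkt_tab/english/collocations.tab", "dummy\n")
        zf.writestr("../../.bashrc", "echo owned\n")
        zf.writestr("/etc/cron.d/evil", "* * * * * root id\n")
    return buf.getvalue()


def demo():
    dest = tempfile.mkdtemp(prefix="nltk_data_")
    written, rejected = safe_extract(build_hostile_zip(), dest)
    return {
        "written": written,
        "rejected": sorted(name for name, _ in rejected),
        "content": (Path(dest) / written[0]).read_text() if written else None,
    }


if __name__ == "__main__":
    print(demo())
```

Whether a package with rejected members should be unpacked partially, as here, or discarded whole is a policy choice; for downloaded data the stricter option (reject the archive and report it) is usually the right one, and this function gives the caller the list it needs to do that.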