Apache-2.0
All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Affected Versions | |||
|---|---|---|---|---|---|
| CVE-2025-14009 | NLTK has a Zip Slip Vulnerability | Critical | – | – | <= 3.9.2 |
| CVE-2024-39705 | Affected versions of NLTK are vulnerable to Remote Code Execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for exam… | Critical | – | – | >=0.9,<3.9 |
| CVE-2026-33236 | Affected versions of the nltk package are vulnerable to Arbitrary File Overwrite due to improper validation of path components from remote XML index files. The vulnerability exists in nltk/downloader.… | High | – | – | <=3.9.2 |
| CVE-2026-33231 | Affected versions of the nltk package are vulnerable to Denial of Service (DoS) due to missing authentication on a shutdown function in the WordNet Browser HTTP server. In nltk.app.wordnet_app, HTTPSe… | High | – | – | <=3.9.3 |
| CVE-2026-0846 | NLTK has Arbitrary File Read via Absolute Path Input in nltk.util.filestring() | High | – | – | < 3.9.3 |
| CVE-2026-0847 | NLTK has a Path Traversal issue | High | – | – | <= 3.9.2 |
| CVE-2021-3842 | Nltk before 3.6.6 is vulnerable to Inefficient Regular Expression Complexity. | High | – | – | >=0,<3.6.6 |
| CVE-2021-43854 | Nltk 3.6.5 includes a fix for CVE-2021-43854: Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, se… | High | – | – | <3.6.5 |
| CVE-2026-33230 | Affected versions of the nltk package are vulnerable to Cross-site Scripting (XSS) due to improper output encoding of user-controlled input. In nltk.app.wordnet_app, requests to the lookup_... route a… | Medium | – | – | <=3.9.3 |
| SFTY-20260318-30374 | Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS | Unknown | – | – | <= 3.9.3 |
Page 1
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.