PyPI: nltk

CVE-2021-3842

Safety vulnerability ID: SFTY-20220104-12451

Safety legacy ID: pyup.io-54703

Nltk before 3.6.6 is vulnerable to Inefficient Regular Expression Complexity.

PyPI

NVD

GHSA

Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

NLTK Vulnerable to REDoS

Advisory

Nltk before 3.6.6 is vulnerable to Inefficient Regular Expression Complexity.

Affected Package

Affecting nltk package, versions

>=0,<3.6.6

Also affects

---

How to Fix

Upgrade

nltk

3.6.6

or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20220104-12451/CVE-2021-3842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3842
https://github.com/advisories/GHSA-rqjh-jp2r-59cj
https://github.com/nltk/nltk
https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d
https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a
https://nvd.nist.gov/vuln/detail/CVE-2021-3842
https://nvd.nist.gov/vuln/detail/CVE-2021-3842
https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d
https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a
https://github.com/nltk/nltk/pull/2906
https://github.com/pypa/advisory-database/tree/main/vulns/nltk/PYSEC-2022-5.yaml
https://github.com/advisories/GHSA-rqjh-jp2r-59cj

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more