nltk
PyPI · 8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting nltk
- CVE-2019-14751 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.4.5 · 2019-08-22
  vulnerable: 2.0.1rc2-git ... 3.4.4 (45 versions)
  NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
- CVE-2021-3828 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.6.4 · 2021-09-27
  vulnerable: 0.8 ... 3.6.3 (52 versions)
  nltk is vulnerable to Inefficient Regular Expression Complexity.
- CVE-2021-3842 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.6.6 · 2022-01-04
  vulnerable: 0.8 ... 3.6.5 (54 versions)
  nltk is vulnerable to Inefficient Regular Expression Complexity.
- CVE-2021-43854 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.6.5 · 2021-12-23
  vulnerable: 0.8 ... 3.6.4 (53 versions)
  NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of s…
- CVE-2024-39705 · CRITICAL · CVSS 9.8 · EG 9.8 · ✓ Fixed in 3.9 · 2024-06-27
  vulnerable: 0.8 ... 3.9b1 (60 versions)
  NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.
- CVE-2026-0846 · HIGH · CVSS 7.5 · EG 7.5 · 2026-03-09
  vulnerable: 0.8 ... 3.9b1 (63 versions)
  A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitiza…
- CVE-2026-0847 · HIGH · CVSS 7.5 · EG 8.6 · ✓ Fixed in 3.9.3 · 2026-03-04
  vulnerable: 0.8 ... 3.9b1 (63 versions)
  A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail…
- CVE-2026-0848 · CRITICAL · CVSS 10.0 · EG 10.0 · ✓ Fixed in 3.9.3 · 2026-03-05
  vulnerable: 0.8 ... 3.9b1 (63 versions)
  NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can su…