164 matches found
CVE-2026-12243 vulnerabilities
Vulnerabilities for packages: py3-nltk...
GHSA-P4GQ-832X-FM9V vulnerabilities
Vulnerabilities for packages: py3-nltk...
CVE-2026-54293 vulnerabilities
Vulnerabilities for packages: py3-nltk, apache-beam-python-3.11-sdk, apache-beam-python-3.13-sdk, apache-beam-python-3.12-sdk...
CVE-2026-12252
A flaw was found in the nltk library. Several Stanford interface classes within nltk are susceptible to arbitrary code execution. This vulnerability allows a local attacker to execute malicious code by providing an untrusted Java Archive JAR file, as the system lacks integrity verification for...
DEBIAN-CVE-2026-12252
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
UBUNTU-CVE-2026-12252
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
EUVD-2026-41656
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
CVE-2026-12252
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
CVE-2026-12243
NLTK 3.9.4 is documented to be vulnerable to a path traversal attack due to an incomplete fix (GitHub Issue #3504). The root cause is that the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py only checks for literal ../ sequences and does not account for percent-encoded traversal such as ..%2f. Even ...
CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...
CVE-2026-54293
A flaw was found in NLTK Natural Language Toolkit. The nltk.data.load function is vulnerable to path traversal when processing specially crafted nltk: URLs. An attacker can exploit a decode-after-check flaw, where URL-encoded path separators and traversal segments bypass security checks. This...
CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
UBUNTU-CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
EUVD-2026-38333
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
CVE-2026-54293
CVE-2026-54293 affects NLTK’s nltk.data.load() in Python. A TOCTOU-style flaw lets an attacker bypass the unsafe-path regex (UNSAFE_NO_PROTOCOL_RE) by using URL-encoded path separators (e.g., %2f, %2e%2e) and then decoding, enabling arbitrary local file reads prior to the fix. Affected until vers...
CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
OPENSUSE-SU-2026:11098-1 python311-nltk-3.10.0rc1-1.1 on GA media
These are all security issues fixed in the python311-nltk-3.10.0rc1-1.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: Multiple Vulnerabilities in NLTK bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the Natural Language Toolkit NLTK library, which is susceptible to several critical security vulnerabilities. These flaws could allow a remote attacker to execute arbitrary code, perform arbitrary file reads via path...
GHSA-P4GQ-832X-FM9V Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read
Summary nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname decodes the %xx sequences a classic decode-after-check / TOCTOU-style flaw, allowing ...