36 matches found
CVE-2026-33230 nltk Vulnerable to Cross-site Scripting
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33236 via nltk (>=2.0.4 <=3.9.3)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33236 Source advisory: SNYK:PYTHON-NLTK-15692505...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33231 via nltk (>=2.0.4 <=3.9.3)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33231 Source advisory: OSV:GHSA-JM6W-M3J8-898G...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by CVE-2026-33231 via nltk (>=2.0.4 <=3.9.3)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-33231 Source advisory: SNYK:PYTHON-NLTK-15692504...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by unknown CVE via nltk (>=2.0.4 <=3.9.3)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-RF74-V2FM-23PW...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +939 more potentially affected by unknown CVE via nltk (>=2.0.4 <=3.9.3)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-NLTK-15692479...
annotald (>=1.3.1 <=1.3.8), caterpillar (>=1.0.0.dev4 <=1.0.0.dev17) potentially affected by CVE-2026-0846 via nltk (>=2.0.4 <=2.0.5)
nltk PYPI version =2.0.4, =1.3.1, =1.0.0.dev4, =1.0.0.dev17 Source cves: CVE-2026-0846 Source advisory: OSV:PYSEC-2026-97...
01os (>=0.0.1 <=0.0.14), 3m (>=0.1.0 <=0.1.3) +6534 more potentially affected by CVE-2026-0846 via nltk (>=3.0.0 <=3.9.4)
nltk PYPI version =3.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.0, =0.10.11, =0.3.7, =0.1.0, =0.1.1, =1.2.0, =0.0.1, =0.0.0.1, =0.0.0.314, =0.0.0.1, =0.0.0.55 and more Source cves: CVE-2026-0846 Source advisory: OSV:PYSEC-2026-97...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +935 more potentially affected by CVE-2026-0846 via nltk (>=2.0.4 <=3.9.2)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0846 Source advisory: OSV:PYSEC-2026-97...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +933 more potentially affected by CVE-2026-0846 via nltk (>=3.0.0 <=3.9.2)
nltk PYPI version =3.0.0, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0846 Source advisory: SNYK:PYTHON-NLTK-15460783...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +935 more potentially affected by CVE-2026-0848 via nltk (>=2.0.4 <=3.9.2)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0848 Source advisory: OSV:PYSEC-2026-99...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +933 more potentially affected by CVE-2026-0848 via nltk (>=3.0.0 <=3.9.2)
nltk PYPI version =3.0.0, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0848 Source advisory: SNYK:PYTHON-NLTK-15763329...
Unsafe Dependency Resolution
Overview: nltk, the Natural Language Toolkit (NLTK), is a Python package for natural language processing. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to lack of verification or sandboxing in the StanfordSegmenter module, when unvalidated Java Archive (JAR) files...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +935 more potentially affected by CVE-2026-0847 via nltk (>=2.0.4 <=3.9.2)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0847 Source advisory: OSV:PYSEC-2026-98...
CVE-2026-0847
NLTK up to 3.9.2 contains a path traversal vulnerability in CorpusReader classes (WordListCorpusReader, TaggedCorpusReader, BracketParseCorpusReader) that can lead to arbitrary file reads on the server. Root cause is improper sanitization/validation of file paths, enabling access to sensitive fil...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +933 more potentially affected by CVE-2026-0847 via nltk (>=3.0.0 <=3.9.2)
nltk PYPI version =3.0.0, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2026-0847 Source advisory: SNYK:PYTHON-NLTK-15460762...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +935 more potentially affected by CVE-2025-14009 via nltk (>=2.0.4 <=3.9.2)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2025-14009 Source advisory: OSV:PYSEC-2026-96...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +933 more potentially affected by CVE-2025-14009 via nltk (>=3.0.0 <=3.9.2)
nltk PYPI version =3.0.0, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2025-14009 Source advisory: SNYK:PYTHON-NLTK-15317401...
EUVD-2021-0147
Malware in sbrugna...
EUVD-2022-0162
Malicious code in bioql PyPI...