7 matches found
DEBIAN-CVE-2025-14009
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...
PYSEC-2026-96
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...
EUVD-2023-2920
Malicious code in bioql PyPI...
CVE-2024-12389
A path traversal vulnerability exists in binary-husky/gptacademic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guarantee that files will remain within the intended extraction...
PT-2026-20477
Name of the Vulnerable Software and Affected Versions: nltk/nltk (affected versions not specified). Description: A critical issue exists in the NLTK downloader component. The unzip iter function within nltk/downloader.py utilizes zipfile.extractall without validating file paths or implementing securit...
Apache Ivy Path Traversal Vulnerability
Apache Ivy is a deliverable package manager from the Apache USA Foundation. A security vulnerability exists in Apache Ivy versions prior to 2.5.1 that stems from not validating the destination path when extracting archive files...
WordPress plugin Import any XML or CSV File Code Issue Vulnerability
WordPress is a blogging platform developed using the PHP language. WordPress Import any XML or CSV File plugin versions prior to 3.6.8 are vulnerable to arbitrary file uploads, which originate from accepting all zip files and automatically extracting the zip file without validating the extracted...