nltk has 3 known vulnerabilities on the latest version (3.9.4). DepScope rates its health at 65/100 (moderate risk).

What is the latest version of nltk?

The latest version of nltk is 3.9.4, released 2026-03-24.

Does nltk have known vulnerabilities?

Yes. nltk has 3 known vulnerabilities. See depscope.dev/pkg/conda/nltk for details.

No, nltk is actively maintained. Latest release: 3.9.4 (2026-03-24).

What are alternatives to nltk?

DepScope has no curated alternatives for nltk at this time.

What license does nltk use?

nltk is licensed under Apache-2.0.

nltk

condav3.9.4

Natural Language Toolkit

License Apache-2.0permissive22 versions1 maintainers0 deps14,399 weekly dl

nltk/nltk

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

2 high severity vulnerabilities

Health breakdown0 – 100

20/25

maintenance

10/20

popularity

13/25

security

12/15

maturity

10/15

community

Vulnerabilities

2 high1 medium

Advisories (3)

Severity	ID	Summary	Fixed in
high	CVE-2026-33236	NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite	—
high	CVE-2026-33231	Unauthenticated remote shutdown in nltk.app.wordnet_app	—
medium	GHSA-rf74-v2fm-23pw	Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS	—

OSS Scorecard

OpenSSF security posture score

5.1/10

moderate

Maintainer trust

Active maintainers (3m)

4

Contributors (12m)

4

Primary author dominance

59%

GitHub stars

14,595

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/conda/nltk

First published · 2021-03-23 13:25:58.880000+00:00

Last updated · 2026-03-24 08:28:25.393000+00:00