nltk has 3 known vulnerabilities on the latest version (3.9.4). DepScope rates its health at 50/100 (high risk).

What is the latest version of nltk?

The latest version of nltk is 3.9.4, released 2026-03-24.

Does nltk have known vulnerabilities?

Yes. nltk has 3 known vulnerabilities. See depscope.dev/pkg/pypi/nltk for details.

No, nltk is actively maintained. Latest release: 3.9.4 (2026-03-24).

Popular alternatives to nltk in PyPI include: boto3, packaging, urllib3, idna, typing_extensions.

nltk is licensed under Apache License, Version 2.0.

pypiv3.9.4

Natural Language Toolkit

License Apache License, Version 2.064 versions1 maintainers20 deps

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Health breakdown0 – 100

20/25

maintenance

0/20

popularity

13/25

security

15/15

maturity

2/15

community

Vulnerabilities

2 high1 medium

Advisories (3)

Severity	ID	Summary	Fixed in
high	CVE-2026-33236	NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite	—
high	CVE-2026-33231	Unauthenticated remote shutdown in nltk.app.wordnet_app	—
medium	GHSA-rf74-v2fm-23pw	Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS	—

Quality signals

OSS Criticality

0.47medium

Dependencies (20)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/nltk