{"package":"nltk","ecosystem":"conda","latest_version":"3.9.4","description":"Natural Language Toolkit","license":"Apache-2.0","homepage":"http://nltk.org/","repository":"https://github.com/nltk/nltk","downloads_weekly":14404,"health":{"score":70,"risk":"moderate","breakdown":{"maintenance":25,"popularity":10,"security":21,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":0,"medium":2,"low":1,"details":[{"vuln_id":"CVE-2026-33236","severity":"medium","summary":"NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2026-03-19T12:42:42Z","in_kev":false,"epss_prob":0.00043,"epss_percentile":0.1307,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-33231","severity":"medium","summary":"Unauthenticated remote shutdown in nltk.app.wordnet_app","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2026-03-19T12:42:20Z","in_kev":false,"epss_prob":0.00053,"epss_percentile":0.16629,"threat_tier":"theoretical"},{"vuln_id":"GHSA-rf74-v2fm-23pw","severity":"unknown","summary":"Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2026-03-18T20:17:43Z","in_kev":false,"threat_tier":"unknown"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"3.9.4","total_count":22,"recent":["3.2.4","3.2.5","3.4.4","3.5","3.6","3.6.1","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.6.7","3.7","3.8","3.8.1","3.8.2","3.9.1","3.9.2","3.9.3","3.9.4"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2021-03-23 13:25:58.880000+00:00","last_published":"2026-03-24 08:28:25.393000+00:00","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"3.9.4","version_hint":null,"summary":"nltk@3.9.4 is safe to use (health: 70/100)"},"requested_version":null,"_cache":"miss","_response_ms":785,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":4,"active_contributors_12m":4,"primary_author_ratio":0.59,"owner_account_age_days":6068,"is_archived":false,"stars":14595,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":5.1,"tier":"moderate"},"quality":{"available":false}}