Browse all 4 CVE security advisories affecting stanfordnlp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
StanfordNLP is a natural language processing library primarily used for linguistic analysis and machine learning tasks. Historically, it has been associated with vulnerabilities like remote code execution and cross-site scripting, often stemming from insecure input handling in parsing functions. While no major public security incidents have been documented, the four CVEs on record highlight risks in deserialization and command injection flaws. The library's academic nature means security updates may lag behind commercial alternatives, requiring careful input validation and sandboxing in production environments. Users should monitor for patches, especially when processing untrusted text data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-0239 | Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp — stanfordnlp/corenlpCWE-611 | 8.4 | - | 2022-01-17 |
| CVE-2022-0198 | Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp — stanfordnlp/corenlpCWE-611 | 8.4 | - | 2022-01-13 |
| CVE-2021-3869 | Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp — stanfordnlp/corenlpCWE-611 | 8.4 | - | 2021-10-19 |
| CVE-2021-3878 | Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp — stanfordnlp/corenlpCWE-611 | 8.4 | - | 2021-10-15 |
This page lists every published CVE security advisory associated with stanfordnlp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.