Fix: replace nltk with spacy CVE 2025 14009 (#4255)

Co-authored-by: Lawrence Elitzer <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: ryannikolaidis <[email protected]>
Co-authored-by: badGarnet <[email protected]>

Author: 4 people

.github/actions/base-cache/action.yml

@@ -1,4 +1,3 @@
-
 name: 'Base Cache Build'
 description: 'Set up uv and install project dependencies'
 inputs:
@@ -20,4 +19,3 @@ runs:
       shell: bash
       run: |
         uv sync --locked --all-extras --all-groups
-        make install-nltk-models

.github/workflows/ci.yml

@@ -12,9 +12,6 @@ permissions:
   id-token: write
   contents: read
 
-env:
-  NLTK_DATA: ${{ github.workspace }}/nltk_data
-
 jobs:
   setup:
     strategy:
@@ -123,7 +120,6 @@ jobs:
         UNS_API_KEY: ${{ secrets.UNS_API_KEY }}
       run: |
         uv sync --locked --group test
-        make install-nltk-models
         make test-no-extras CI=true
 
   test_unit_dependency_extras:
@@ -163,7 +159,6 @@ jobs:
     - name: Install extra dependencies
       run: |
         uv sync --locked ${{ matrix.uv-extras }} --group test
-        make install-nltk-models
     - name: Install system dependencies
       run: |
         sudo apt-get update

.github/workflows/codeflash.yml

@@ -16,8 +16,6 @@ jobs:
     name: Optimize new Python code
     if: ${{ github.actor != 'codeflash-ai[bot]' }}
     runs-on: ubuntu-latest
-    env:
-      NLTK_DATA: ${{ github.workspace }}/nltk_data
     steps:
       - uses: actions/checkout@v4
         with:

.github/workflows/ingest-test-fixtures-update-pr.yml

@@ -5,7 +5,6 @@ on:
 
 env:
   PYTHON_VERSION: "3.12"
-  NLTK_DATA: ${{ github.workspace }}/nltk_data
 
 permissions:
   id-token: write

.gitignore

@@ -24,7 +24,6 @@ wheels/
 pip-wheel-metadata/
 share/python-wheels/
 *.egg-info/
-nltk_data/
 .installed.cfg
 *.egg
 MANIFEST

CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.21.0
+
+### Fixes
+- **Replace NLTK with spaCy to remediate CVE-2025-14009**: NLTK's downloader uses `zipfile.extractall()` without path validation, enabling RCE via malicious packages (CVSS 10.0, no patch available). spaCy models install as pip packages, eliminating the vulnerable downloader entirely.
+
 ## 0.20.8
 
 ### Fixes

Dockerfile

@@ -68,14 +68,11 @@ RUN ./initialize-libreoffice.sh && rm initialize-libreoffice.sh
 WORKDIR /app
 
 ENV TESSDATA_PREFIX=/usr/local/share/tessdata
-ENV NLTK_DATA=/home/notebook-user/nltk_data
 ENV UV_COMPILE_BYTECODE=1
 ENV UV_PYTHON_DOWNLOADS=never
 
-# Install Python dependencies via uv and download required NLTK packages
+# Install Python dependencies via uv (en-core-web-sm is declared in pyproject.toml)
 RUN uv sync --locked --all-extras --no-group dev --no-group lint --no-group test --no-group release && \
-    mkdir -p ${NLTK_DATA} && \
-    uv run --no-sync $PYTHON -m nltk.downloader -d ${NLTK_DATA} punkt_tab averaged_perceptron_tagger_eng && \
     uv run --no-sync $PYTHON -c "from unstructured.partition.model_init import initialize; initialize()" && \
     uv run --no-sync $PYTHON -c "from unstructured_inference.models.tables import UnstructuredTableTransformerModel; model = UnstructuredTableTransformerModel(); model.initialize('microsoft/table-transformer-structure-recognition')"
 

Makefile

@@ -14,17 +14,12 @@ help: Makefile
 .PHONY: install
 install:
 	@uv sync --locked --all-extras --all-groups
-	@$(MAKE) install-nltk-models
 
 ## lock:                    update and lock all dependencies
 .PHONY: lock
 lock:
 	@uv lock --upgrade
 
-.PHONY: install-nltk-models
-install-nltk-models:
-	uv run --no-sync python -c "from unstructured.nlp.tokenize import download_nltk_packages; download_nltk_packages()"
-
 
 #################
 # Test and Lint #

pyproject.toml

@@ -28,14 +28,16 @@ dependencies = [
     "html5lib>=1.1, <2.0.0",
     "langdetect>=1.0.9, <2.0.0",
     "lxml>=5.0.0, <7.0.0",
-    "nltk>=3.9.2, <4.0.0",
+    "spacy>=3.7.0, <4.0.0",
+    "en-core-web-sm>=3.8.0, <4.0.0",
     "numba>=0.60.0, <1.0.0",
     "numpy>=1.26.0, <3.0.0",
     "psutil>=7.2.2, <8.0.0",
     "python-iso639>=2026.1.31, <2027.0.0",
     "python-magic>=0.4.27, <1.0.0",
     "python-oxmsg>=0.0.2, <1.0.0",
     "rapidfuzz>=3.14.3, <4.0.0",
+    "regex>=2024.0.0, <2027.0.0",
     "requests>=2.32.5, <3.0.0",
     "tqdm>=4.67.3, <5.0.0",
     "typing-extensions>=4.15.0, <5.0.0",
@@ -179,6 +181,9 @@ release = [
     "twine>=6.0.0, <7.0.0",
 ]
 
+[tool.uv.sources]
+en-core-web-sm = { url = "https://github.com/explosion/spacy-models/releases/download/en_core_web_sm-3.8.0/en_core_web_sm-3.8.0-py3-none-any.whl" }
+
 [tool.uv]
 required-environments = [
     "sys_platform == 'linux' and platform_machine == 'x86_64'",

test_unstructured/metrics/test_element_type.py

@@ -27,8 +27,8 @@
             "sample-presentation.pptx",
             {
                 ("Title", 0): 4,
-                ("Title", 1): 1,
-                ("NarrativeText", 0): 3,
+                ("Title", 1): 2,
+                ("NarrativeText", 0): 2,
                 ("PageBreak", None): 3,
                 ("ListItem", 0): 6,
                 ("ListItem", 1): 6,
@@ -68,7 +68,7 @@ def test_get_element_type_frequency(filename: str, frequency: dict[tuple[str, in
                 ("ListItem", 2): 3,
                 ("Table", None): 1,
             },
-            (0.96, 0.96, 0.96),
+            (0.92, 0.92, 0.92),
         ),
         (
             "handbook-1p.docx",