Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/28912?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/28912?format=api", "purl": "pkg:pypi/vtk@9.0.0", "type": "pypi", "namespace": "", "name": "vtk", "version": "9.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.5.1", "latest_non_vulnerable_version": "9.5.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37137?format=api", "vulnerability_id": "VCID-c5b6-p1ee-6fgz", "summary": "Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.", "references": [ { "reference_url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19733", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19733" }, { "reference_url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19734", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19734" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119821", "reference_id": "1119821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119821" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46430?format=api", "purl": "pkg:pypi/vtk@9.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.1" } ], "aliases": [ "CVE-2025-57106", "PYSEC-2025-224" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5b6-p1ee-6fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37139?format=api", "vulnerability_id": "VCID-dayh-vxpr-n7h7", "summary": "Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.", "references": [ { "reference_url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19736", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19736" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119823", "reference_id": "1119823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119823" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46430?format=api", "purl": "pkg:pypi/vtk@9.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.1" } ], "aliases": [ "CVE-2025-57108", "PYSEC-2025-226" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dayh-vxpr-n7h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36169?format=api", "vulnerability_id": "VCID-qp5d-yddh-67a4", "summary": "There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.", "references": [ { "reference_url": "https://discourse.vtk.org/t/vtk-9-2-5-is-out/10549", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discourse.vtk.org/t/vtk-9-2-5-is-out/10549" }, { "reference_url": "https://github.com/advisories/GHSA-xfhg-9pjg-xg7g", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xfhg-9pjg-xg7g" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/vtk/PYSEC-2022-255.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vtk/PYSEC-2022-255.yaml" }, { "reference_url": "https://gitlab.kitware.com/vtk/vtk", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.kitware.com/vtk/vtk" }, { "reference_url": "https://gitlab.kitware.com/vtk/vtk/issues/17818", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.kitware.com/vtk/vtk/issues/17818" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCTMSAAVP4BW2HTZLDWMGKZ2WEC5OFLK", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCTMSAAVP4BW2HTZLDWMGKZ2WEC5OFLK" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42521", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42521" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031877", "reference_id": "1031877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034843", "reference_id": "1034843", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034843" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034844", "reference_id": "1034844", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034844" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28913?format=api", "purl": "pkg:pypi/vtk@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c5b6-p1ee-6fgz" }, { "vulnerability": "VCID-dayh-vxpr-n7h7" }, { "vulnerability": "VCID-tnex-thhe-bfba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.0.1" } ], "aliases": [ "CVE-2021-42521", "GHSA-xfhg-9pjg-xg7g", "PYSEC-2022-255" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp5d-yddh-67a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37138?format=api", "vulnerability_id": "VCID-tnex-thhe-bfba", "summary": "Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.", "references": [ { "reference_url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19732", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://gitlab.kitware.com/vtk/vtk/-/issues/19732" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119822", "reference_id": "1119822", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119822" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46430?format=api", "purl": "pkg:pypi/vtk@9.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.5.1" } ], "aliases": [ "CVE-2025-57107", "PYSEC-2025-225" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnex-thhe-bfba" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vtk@9.0.0" }