Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/vtk@8.1.0
purl pkg:pypi/vtk@8.1.0
Next non-vulnerable version 9.5.1
Latest non-vulnerable version 9.5.1
Risk
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-c5b6-p1ee-6fgz
Aliases:
CVE-2025-57106
PYSEC-2025-224
Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.
9.5.1
Affected by 0 other vulnerabilities.
VCID-dayh-vxpr-n7h7
Aliases:
CVE-2025-57108
PYSEC-2025-226
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.
9.5.1
Affected by 0 other vulnerabilities.
VCID-qp5d-yddh-67a4
Aliases:
CVE-2021-42521
GHSA-xfhg-9pjg-xg7g
PYSEC-2022-255
There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.
9.0.1
Affected by 3 other vulnerabilities.
VCID-tnex-thhe-bfba
Aliases:
CVE-2025-57107
PYSEC-2025-225
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.
9.5.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:23:23.854019+00:00 Pypa Importer Affected by VCID-dayh-vxpr-n7h7 https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-226.yaml 38.6.0
2026-06-02T04:23:23.762297+00:00 Pypa Importer Affected by VCID-tnex-thhe-bfba https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-225.yaml 38.6.0
2026-06-02T04:23:23.643584+00:00 Pypa Importer Affected by VCID-c5b6-p1ee-6fgz https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2025-224.yaml 38.6.0
2026-06-02T04:17:34.568668+00:00 Pypa Importer Affected by VCID-qp5d-yddh-67a4 https://github.com/pypa/advisory-database/blob/main/vulns/vtk/PYSEC-2022-255.yaml 38.6.0