Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37097?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37097?format=api", "vulnerability_id": "VCID-1gme-shqk-5ydx", "summary": "Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check.", "aliases": [ { "alias": "CVE-2025-51481" }, { "alias": "PYSEC-2025-102" } ], "fixed_packages": [], "affected_packages": [], "references": [ { "reference_url": "https://github.com/dagster-io/dagster", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://github.com/dagster-io/dagster" }, { "reference_url": "https://github.com/dagster-io/dagster/pull/30002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://github.com/dagster-io/dagster/pull/30002" }, { "reference_url": "https://www.gecko.security/blog/cve-2025-51481", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://www.gecko.security/blog/cve-2025-51481" } ], "weaknesses": [], "exploits": [], "severity_range_score": "6.6 - 6.6", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gme-shqk-5ydx" }