Lucene search
K

28 matches found

Cvelist
Cvelist
added 2026/03/05 12:0 a.m.30 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs...

0.00534EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/05 12:0 a.m.3 views

Server-side Request Forgery (SSRF)

Overview ragas is an Evaluation framework for RAG and LLM applications Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of URLs in the retrievedcontexts parameter when processing multimodal inputs. An attacker can access arbitrary files,...

8.7CVSS5.9AI score0.00534EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/05 12:0 a.m.3 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs...

5.8AI score0.00534EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/03/05 12:0 a.m.6 views

langevals-ragas (>=0.1.10 <=0.1.17), llama-stack-provider-ragas (>=0.3.4 <=0.6.1) +1 more potentially affected by CVE-2025-45691 via ragas (>=0.2.6 <=0.3.0)

ragas PYPI version =0.2.6, =0.1.10, =0.3.4, =1.0.0, =1.0.1 Source cves: CVE-2025-45691 Source advisory: SNYK:PYTHON-RAGAS-15440561...

7.5CVSS6.5AI score0.00534EPSS
Exploits1
CVE
CVE
added 2026/03/05 12:0 a.m.19 views

CVE-2025-45691

CVE-2025-45691 affects VibrantLabs RAGAS (up to v0.4.3); the vulnerability lies in improper validation of URLs in retrieved_contexts during multimodal input processing, enabling Server-Side Request Forgery (SSRF) and arbitrary file reads. Several connected sources describe exploitation via manipu...

7.5CVSS5.9AI score0.00534EPSS
Exploits1References7Affected Software1
vulnersOsv
vulnersOsv
added 2026/01/30 9:30 a.m.5 views

lightspeed-stack (>=0.1.1 <=0.4.0), lightspeed-stack-providers (>=0.1.10 <=0.1.18) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.3.5)

llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: SNYK:PYTHON-LLAMASTACK-15166608...

3.2CVSS6AI score0.00219EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in test-mlw2-ragas-bides (npm)

The package test-mlw2-ragas-bides was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-36078 Malicious code in test-mlw2-ragas-bides (npm)

The package test-mlw2-ragas-bides was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder