28 matches found
CVE-2025-45691
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs...
Server-side Request Forgery (SSRF)
Overview ragas is an Evaluation framework for RAG and LLM applications Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of URLs in the retrievedcontexts parameter when processing multimodal inputs. An attacker can access arbitrary files,...
CVE-2025-45691
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs...
langevals-ragas (>=0.1.10 <=0.1.17), llama-stack-provider-ragas (>=0.3.4 <=0.6.1) +1 more potentially affected by CVE-2025-45691 via ragas (>=0.2.6 <=0.3.0)
ragas PYPI version =0.2.6, =0.1.10, =0.3.4, =1.0.0, =1.0.1 Source cves: CVE-2025-45691 Source advisory: SNYK:PYTHON-RAGAS-15440561...
CVE-2025-45691
CVE-2025-45691 affects VibrantLabs RAGAS (up to v0.4.3); the vulnerability lies in improper validation of URLs in retrieved_contexts during multimodal input processing, enabling Server-Side Request Forgery (SSRF) and arbitrary file reads. Several connected sources describe exploitation via manipu...
lightspeed-stack (>=0.1.1 <=0.4.0), lightspeed-stack-providers (>=0.1.10 <=0.1.18) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.3.5)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: SNYK:PYTHON-LLAMASTACK-15166608...
Malicious code in test-mlw2-ragas-bides (npm)
The package test-mlw2-ragas-bides was found to contain malicious code...
MAL-2025-36078 Malicious code in test-mlw2-ragas-bides (npm)
The package test-mlw2-ragas-bides was found to contain malicious code...