agentic-layer-testbench (>=0.9.1 <=0.9.2), agentic-rag-pdf (>=0.1.2 <=0.1.5) +55 more potentially affected by CVE-2026-6587 via ragas (>=0.2.6 <=0.4.3)

ragas PYPI version =0.2.6, =0.9.1, =0.1.2, =0.1.0a1, =1.0.8, =0.1.6, =11.1.12, =0.20.24, =0.1.1, =1.0.0, =1.1.0, =0.1.0, =0.1.0, =0.1.0b1, =2.0.0 and more Source cves: CVE-2026-6587 Source advisory: OSV:GHSA-95WW-475F-PR4F...

GHSA-95WW-475F-PR4F RAGAS has SSRF via Multi-Modal Faithfulness Collections Module

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

langevals-ragas (>=0.1.10 <=0.1.17), mmore (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-45691 via ragas (>=0.2.6 <=0.2.9)

ragas PYPI version =0.2.6, =0.1.10, =1.0.0, =1.0.1 Source cves: CVE-2025-45691 Source advisory: OSV:GHSA-V2XR-WVRV-P969...