ragas
PyPI2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ragaspage 1 of 1
- CVE-2025-45691HIGHCVSS 7.5EG 7.5✓ Fixed in 0.3.0-rc12026-03-05
vulnerable: 0.2.10 ... 0.2.9 (13 versions)
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts para…
- CVE-2026-6587MEDIUMCVSS 6.3EG 6.32026-04-20
vulnerable: 0.2.10 ... 0.4.3 (34 versions)
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the compone…
Check whether ragas is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ragas CVEs against the assets you own.
Start Free Scan →