Update dependency ragas to v0.1.10 #6
Security Report
You have successfully remediated 47 vulnerabilities, but introduced 6 new vulnerabilities in this branch.
❌ New vulnerabilities:
| Vulnerability | Severity | Vulnerable Library | Direct Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
| CVE-2026-35030 | 10.0 | Transitive litellm-1.60.2-py3-none-any.whl | crewai-0.102.0-py3-none-any.whl | None | |
| CVE-2026-35029 | 9.9 | Transitive litellm-1.60.2-py3-none-any.whl | crewai-0.102.0-py3-none-any.whl | Transitive Upgrade to version litellm - 1.83.0 or greater | None |
| CVE-2026-40217 | 8.8 | Transitive litellm-1.60.2-py3-none-any.whl | crewai-0.102.0-py3-none-any.whl | Transitive Upgrade to version litellm - 1.83.10 or greater | None |
| CVE-2024-6825 | 8.8 | Transitive litellm-1.60.2-py3-none-any.whl | crewai-0.102.0-py3-none-any.whl | Transitive litellm - no_fix | None |
| CVE-2025-0628 | 8.1 | Transitive litellm-1.60.2-py3-none-any.whl | crewai-0.102.0-py3-none-any.whl | Transitive 1.61.15 | None |
| CVE-2025-45809 | 5.4 | Transitive litellm-1.60.2-py3-none-any.whl | crewai-0.102.0-py3-none-any.whl | None | |

Details, identical for each of the six vulnerabilities above:
Path to dependency file: /06_OpenSource_examples/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260601031625_QOPCFO/python_LRSOKL/202606010316491/env/lib/python3.10/site-packages/litellm-1.60.2.dist-info
Dependency Hierarchy: -> crewai-0.102.0-py3-none-any.whl (Root Library) -> ❌ litellm-1.60.2-py3-none-any.whl (Vulnerable Library)

✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2026-34517 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-34514 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-69226 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-43859 | h11-0.14.0-py3-none-any.whl |
| CVE-2026-44431 | urllib3-1.26.20-py2.py3-none-any.whl |
| CVE-2026-44843 | langchain_core-0.3.41-py3-none-any.whl |
| CVE-2025-50182 | urllib3-1.26.20-py2.py3-none-any.whl |
| CVE-2026-25645 | requests-2.32.3-py3-none-any.whl |
| CVE-2026-22815 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-69229 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-68146 | filelock-3.17.0-py3-none-any.whl |
| CVE-2024-47081 | requests-2.32.3-py3-none-any.whl |
| CVE-2025-6984 | langchain_community-0.3.19-py3-none-any.whl |
| CVE-2025-65106 | langchain_core-0.3.41-py3-none-any.whl |
| CVE-2026-34515 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-26013 | langchain_core-0.3.41-py3-none-any.whl |
| CVE-2025-69224 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-69223 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-34516 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-45134 | langchain-0.3.20-py3-none-any.whl |
| CVE-2025-66471 | urllib3-1.26.20-py2.py3-none-any.whl |
| CVE-2026-40087 | langchain_core-0.3.41-py3-none-any.whl |
| CVE-2026-45134 | langsmith-0.3.12-py3-none-any.whl |
| CVE-2026-4539 | pygments-2.19.1-py3-none-any.whl |
| CVE-2025-67221 | orjson-3.10.15-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-50181 | urllib3-1.26.20-py2.py3-none-any.whl |
| CVE-2026-34525 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-68664 | langchain_core-0.3.41-py3-none-any.whl |
| CVE-2026-34518 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-34513 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-34520 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-25087 | pyarrow-19.0.1-cp39-cp39-manylinux_2_28_x86_64.whl |
| CVE-2026-41182 | langsmith-0.3.12-py3-none-any.whl |
| CVE-2025-69225 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-45409 | idna-3.10-py3-none-any.whl |
| CVE-2026-34519 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-34070 | langchain_core-0.3.41-py3-none-any.whl |
| CVE-2025-68480 | marshmallow-3.26.1-py3-none-any.whl |
| CVE-2025-69228 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-21441 | urllib3-1.26.20-py2.py3-none-any.whl |
| CVE-2025-53643 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-69230 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2026-41066 | lxml-5.3.1-cp39-cp39-manylinux_2_28_x86_64.whl |
| CVE-2025-69227 | aiohttp-3.11.13-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl |
| CVE-2025-6985 | langchain_text_splitters-0.3.6-py3-none-any.whl |
| CVE-2026-41488 | langchain_openai-0.3.7-py3-none-any.whl |
| CVE-2025-64439 | langgraph_checkpoint-2.0.17-py3-none-any.whl |
Base branch total remaining vulnerabilities: 58
Base branch commit: 6d36e1de7991f86f4efb71f4207005cef8e6d437
Total libraries scanned: 202
Scan token: 535834dcfc01424caeb9cd6f400bcfd2