pkg:PyPI/ray

All known vulnerabilities

• CRITICAL9.8CVE-2024-57000Withdrawn Advisory: Command injection in Ray
  >= 2.9.3, <= 2.40.0
• CRITICAL9.8CVE-2023-48022Ray has arbitrary code execution via jobs submission API
  from 0, <= 2.49.2
• CRITICAL9.8CVE-2023-6019Ray OS Command Injection vulnerability
  from 0, < 2.8.1
• CRITICAL9.3CVE-2023-6020Ray Missing Authorization vulnerability
  from 0, < 2.8.1
• CRITICAL9.3CVE-2023-6021Ray Path Traversal vulnerability
  from 0, < 2.8.1
• HIGH7.5CVE-2026-32981A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1.
  from 0, < 2.8.1
• MEDIUM6.4CVE-2025-1979ray vulnerable to Insertion of Sensitive Information into Log File
  from 0, < 64a2e4010522d60b90c389634f24df77b603d85d | from 0, < 2.43.0
• MEDIUM6.4CVE-2025-1979ray vulnerable to Insertion of Sensitive Information into Log File
  from 0, < 2.43.0
• MEDIUM5.9CVE-2026-27482Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
  from 0, < 2.54.0
• —CVE-2026-41486Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
  >= 2.49.0, < 2.55.0
• —CVE-2025-34351Ray's New Token Authentication is Disabled By Default
  from 0, <= 2.52.0
• —CVE-2025-62593Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
  from 0, < 2.52.0