Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-q5fh-2hc8-f6rq
  • PyPI/ray
Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion) 20 Feb
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-gx77-xgc2-4888
  • PyPI/ray
Ray's New Token Authentication is Disabled By Default 27 Nov 2025
  • No fix available
  • Severity - 9.3 (Critical)
GHSA-q279-jhrf-cc6v
  • PyPI/ray
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack 26 Nov 2025
  • Fix available
  • Severity - 9.4 (Critical)
GHSA-w4rh-fgx7-q63m
  • PyPI/ray
ray vulnerable to Insertion of Sensitive Information into Log File 06 Mar 2025
  • Fix available
  • Severity - 5.7 (Medium)
PYSEC-2025-23
  • PyPI/ray
  • github.com/ray-project/ray
See record for full details 06 Mar 2025
  • Fix available
GHSA-6wgj-66m2-xxp2
  • PyPI/ray
Ray has arbitrary code execution via jobs submission API 28 Nov 2023
  • No fix available
  • Severity - 9.8 (Critical)
GHSA-6cxr-8q3m-jwrr
  • PyPI/ray
Ray Missing Authorization vulnerability 16 Nov 2023
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-3pww-qvr8-6mhp
  • PyPI/ray
Ray Path Traversal vulnerability 16 Nov 2023
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-h3xg-wv58-5p43
  • PyPI/ray
Ray OS Command Injection vulnerability 16 Nov 2023
  • Fix available
  • Severity - 9.8 (Critical)