Search for packages
| purl | pkg:pypi/ray@0.7.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-25r5-wdzx-cqhu
Aliases: CVE-2026-27482 GHSA-q5fh-2hc8-f6rq |
Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion) Ray’s dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. |
Affected by 0 other vulnerabilities. |
|
VCID-79ae-r9sy-kuc3
Aliases: CVE-2023-6020 GHSA-6cxr-8q3m-jwrr |
Ray Missing Authorization vulnerability LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 |
Affected by 4 other vulnerabilities. |
|
VCID-9s66-w31a-p7gd
Aliases: CVE-2023-6019 GHSA-h3xg-wv58-5p43 |
Ray OS Command Injection vulnerability A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. |
Affected by 4 other vulnerabilities. |
|
VCID-bu1m-265h-f7h4
Aliases: CVE-2025-1979 GHSA-w4rh-fgx7-q63m PYSEC-2025-23 |
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only exploitable if: 1) Logging is enabled; 2) Redis is using password authentication; 3) Those logs are accessible to an attacker, who can reach that redis instance. **Note:** It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password. |
Affected by 3 other vulnerabilities. |
|
VCID-c8b7-h6ah-v7au
Aliases: CVE-2025-62593 GHSA-q279-jhrf-cc6v |
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding [decision](https://docs.ray.io/en/releases-2.51.1/ray-security/index.html) by the Ray Development team to not implement any sort of authentication on critical endpoints, like the `/api/jobs` & `/api/job_agent/jobs/` has once again led to a severe vulnerability that allows attackers to execute arbitrary code against Ray. This time in a development context via the browsers Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the `User-Agent` header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the `User-Agent` header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement ([malvertising](https://en.wikipedia.org/wiki/Malvertising)). |
Affected by 2 other vulnerabilities. |
|
VCID-hfx6-9t71-qkfw
Aliases: CVE-2023-6021 GHSA-3pww-qvr8-6mhp |
Ray Path Traversal vulnerability LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 |
Affected by 4 other vulnerabilities. |
|
VCID-kd8z-ysxx-d3gd
Aliases: CVE-2025-34351 GHSA-gx77-xgc2-4888 |
Ray's New Token Authentication is Disabled By Default Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. NOTE: The vendor plans to enable token authentication by default in a future release. They recommend enabling token authentication to protect your cluster from unauthorized access. | There are no reported fixed by versions. |
|
VCID-m5xy-sdtw-3uh7
Aliases: CVE-2026-32981 PYSEC-2026-130 |
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure. |
Affected by 4 other vulnerabilities. |
|
VCID-wjjq-cmu6-sqbb
Aliases: CVE-2023-48022 GHSA-6wgj-66m2-xxp2 |
Ray has arbitrary code execution via jobs submission API Anyscale Ray allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||