| purl | pkg:pypi/ray@2.47.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-25r5-wdzx-cqhu (Aliases: CVE-2026-27482, GHSA-q5fh-2hc8-f6rq) | Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion). Ray's dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., `--dashboard-host=0.0.0.0`), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. | Affected by 1 other vulnerability. |
| VCID-c8b7-h6ah-v7au (Aliases: CVE-2025-62593, GHSA-q279-jhrf-cc6v) | Ray is vulnerable to critical RCE via Safari and Firefox browsers through a DNS rebinding attack. Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. The longstanding [decision](https://docs.ray.io/en/releases-2.51.1/ray-security/index.html) by the Ray development team not to implement any sort of authentication on critical endpoints, like `/api/jobs` and `/api/job_agent/jobs/`, has once again led to a severe vulnerability that allows attackers to execute arbitrary code against Ray, this time in a development context via the browsers Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the `User-Agent` header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient, as the fetch specification allows the `User-Agent` header to be modified. Combined with a DNS rebinding attack against the browser, this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website or is served a malicious advertisement ([malvertising](https://en.wikipedia.org/wiki/Malvertising)). | Affected by 3 other vulnerabilities. |
| VCID-kd8z-ysxx-d3gd (Aliases: CVE-2025-34351, GHSA-gx77-xgc2-4888) | Ray's new token authentication is disabled by default. Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting `RAY_AUTH_MODE=token`. In the default unauthenticated state, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. NOTE: The vendor plans to enable token authentication by default in a future release. They recommend enabling token authentication to protect your cluster from unauthorized access. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T06:55:56.445947+00:00 | GitLab Importer | Affected by | VCID-25r5-wdzx-cqhu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2026-27482.yml | 38.6.0 |
| 2026-06-06T06:27:27.083747+00:00 | GitLab Importer | Affected by | VCID-kd8z-ysxx-d3gd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2025-34351.yml | 38.6.0 |
| 2026-06-06T06:27:20.055215+00:00 | GitLab Importer | Affected by | VCID-c8b7-h6ah-v7au | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2025-62593.yml | 38.6.0 |