Search for packages
| purl | pkg:pypi/ray@2.50.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-43df-gr6k-5ygs
Aliases: CVE-2025-62593 GHSA-q279-jhrf-cc6v |
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0. |
Affected by 3 other vulnerabilities. |
|
VCID-bf2z-xe6r-zqgt
Aliases: CVE-2026-27482 GHSA-q5fh-2hc8-f6rq |
Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix for this vulnerability is to update to Ray 2.54.0 or higher. |
Affected by 1 other vulnerability. |
|
VCID-jrbh-pyq6-kqbb
Aliases: CVE-2025-34351 GHSA-gx77-xgc2-4888 |
Ray's New Token Authentication is Disabled By Default | There are no reported fixed by versions. |
|
VCID-p5j5-4rvx-93ax
Aliases: CVE-2026-41486 GHSA-mw35-8rx3-xf9r |
Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, it calls __arrow_ext_deserialize__ on the field's metadata bytes. Ray's implementation passes these bytes directly to cloudpickle.loads(), achieving arbitrary code execution during schema parsing, before any row data is read. This issue has been patched in version 2.55.0. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T22:13:29.989079+00:00 | GitLab Importer | Affected by | VCID-p5j5-4rvx-93ax | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2026-41486.yml | 38.6.0 |
| 2026-06-12T21:01:56.150842+00:00 | GitLab Importer | Affected by | VCID-bf2z-xe6r-zqgt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2026-27482.yml | 38.6.0 |
| 2026-06-12T20:37:05.421208+00:00 | GitLab Importer | Affected by | VCID-jrbh-pyq6-kqbb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2025-34351.yml | 38.6.0 |
| 2026-06-12T20:36:56.846391+00:00 | GitLab Importer | Affected by | VCID-43df-gr6k-5ygs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2025-62593.yml | 38.6.0 |