| purl | pkg:pypi/ray@2.52.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-kd8z-ysxx-d3gd (Aliases: CVE-2025-34351, GHSA-gx77-xgc2-4888) | Ray's New Token Authentication is Disabled By Default. Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. NOTE: The vendor plans to enable token authentication by default in a future release. They recommend enabling token authentication to protect your cluster from unauthorized access. | There are no reported fixed-by versions. |
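The practical question behind CVE-2025-34351 is whether a given dashboard port answers the Jobs API without credentials. The probe below is an added example written for this page, not code from Ray or the advisory: it sends a single GET to `/api/jobs/` (the listing endpoint named in the advisory) and classifies the answer. The mock dashboard it ships with is a constructed stand-in so the example runs offline; that the token is carried as an `Authorization: Bearer` header is an assumption of this example, as is the 401 the mock returns, so treat any 401/403 as "auth required" rather than relying on one exact code.

```python
import hmac
import json
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import Optional
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

JOBS_PATH = "/api/jobs/"  # Jobs API listing endpoint named in the advisory


def probe_jobs_api(base_url: str, token: Optional[str] = None,
                   timeout: float = 3.0) -> str:
    """GET the Jobs API and classify the answer.

    'open'           -> 200 with no credentials: anyone who can reach the port
                        can list (and submit) jobs, the CVE-2025-34351 default
    'auth-required'  -> 401 or 403
    'accepted-token' -> 200 after a token was sent
    'unexpected:N'   -> anything else; N=0 means the connection failed
    """
    headers = {"User-Agent": "ray-auth-probe/0.1"}
    if token is not None:
        # Assumption for this example: the token travels as a bearer token.
        headers["Authorization"] = f"Bearer {token}"
    req = Request(base_url.rstrip("/") + JOBS_PATH, headers=headers)
    try:
        with urlopen(req, timeout=timeout) as resp:
            status = resp.status
    except HTTPError as exc:      # urllib raises for 4xx/5xx; keep the code
        status = exc.code
    except URLError:
        status = 0
    if status == 200:
        return "accepted-token" if token is not None else "open"
    if status in (401, 403):
        return "auth-required"
    return f"unexpected:{status}"


class _MockDashboard(BaseHTTPRequestHandler):
    """Constructed stand-in for the dashboard, just enough to exercise the probe.
    With server.token = None it mirrors the 2.52.0 default (no auth); with a
    token set it models RAY_AUTH_MODE=token as this example assumes it works."""

    def do_GET(self):
        if self.path != JOBS_PATH:
            self._reply(404, {"error": "not found"})
            return
        expected = self.server.token
        if expected is not None:
            sent = self.headers.get("Authorization", "")
            # constant-time compare so the mock does not leak token bytes
            if not hmac.compare_digest(sent.encode(), f"Bearer {expected}".encode()):
                self._reply(401, {"error": "authentication required"})
                return
        self._reply(200, {})  # a real server returns the job list here

    def _reply(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_mock_dashboard(token: Optional[str] = None):
    """Start the mock on a free loopback port; returns (server, base_url)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _MockDashboard)
    server.token = token
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


if __name__ == "__main__":
    # Against a real head node you would call probe_jobs_api("http://<head>:8265").
    for tok in (None, "example-token"):
        srv, url = start_mock_dashboard(tok)
        print(f"server token={tok!r}: no creds -> {probe_jobs_api(url)}, "
              f"with token -> {probe_jobs_api(url, token='example-token')}")
        srv.shutdown()
```

An "open" result on anything other than a loopback-only listener is the condition the advisory describes; the fix is to start the head node with RAY_AUTH_MODE=token (or to keep 8265 off any network an untrusted party can reach) and re-run the probe until it reports "auth-required".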
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-c8b7-h6ah-v7au | Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack. Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. The longstanding [decision](https://docs.ray.io/en/releases-2.51.1/ray-security/index.html) by the Ray development team not to implement any sort of authentication on critical endpoints, like `/api/jobs` and `/api/job_agent/jobs/`, has once again led to a severe vulnerability that allows attackers to execute arbitrary code against Ray, this time in a development context via the browsers Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks: the current defense uses a `User-Agent` header starting with the string "Mozilla" as its detection mechanism. This defense is insufficient because the fetch specification allows the `User-Agent` header to be modified. Combined with a DNS rebinding attack against the browser, this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website or is served a malicious advertisement ([malvertising](https://en.wikipedia.org/wiki/Malvertising)). | CVE-2025-62593, GHSA-q279-jhrf-cc6v |
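To see why a `User-Agent` prefix is not a browser check, it helps to put the advisory's defense next to one built on headers a rebinding page cannot control. The code below is an added illustration for this page, not Ray's code and not the fix shipped for CVE-2025-62593. It models a gate in front of `POST /api/jobs/` in two versions: the weak one refuses requests whose `User-Agent` starts with "Mozilla", the hardened one checks `Host` against an allow-list (after rebinding the browser still sends the attacker's hostname in `Host`, because that is the URL it fetched) and checks `Origin` when a browser supplies one. The allow-list (Ray's default dashboard port 8265 on loopback), the three request headers and the user-agent strings are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict

# Assumption for this example: the dashboard is only ever reached as loopback:8265.
ALLOWED_HOSTS = {"localhost:8265", "127.0.0.1:8265"}
ALLOWED_ORIGINS = {f"http://{h}" for h in ALLOWED_HOSTS}


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: Dict[str, str]

    def header(self, name: str) -> str:
        """Case-insensitive header lookup; missing headers read as ''."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return ""


def weak_gate(req: HttpRequest) -> bool:
    """The defense the advisory describes: anything whose User-Agent starts
    with "Mozilla" is a browser and is refused; everything else (CLI clients)
    is let through. Returns True when the request is allowed."""
    return not req.header("User-Agent").startswith("Mozilla")


def hardened_gate(req: HttpRequest) -> bool:
    """Decide on Host and Origin instead. fetch() cannot set either: the browser
    fills Host from the URL it connected to and Origin from the calling page."""
    if req.header("Host") not in ALLOWED_HOSTS:
        return False
    origin = req.header("Origin")
    if origin and origin not in ALLOWED_ORIGINS:
        return False
    return True


def evaluate(req: HttpRequest) -> Dict[str, str]:
    """Run both gates over one request and report allow/reject for each."""
    return {"weak": "allow" if weak_gate(req) else "reject",
            "hardened": "allow" if hardened_gate(req) else "reject"}


# Constructed requests (not captured traffic).

# A developer submitting a job with the Python client on the same machine.
CLI_SUBMIT = HttpRequest("POST", "/api/jobs/", {
    "Host": "127.0.0.1:8265",
    "User-Agent": "python-requests/2.31.0",
})

# A malicious page posting straight at 127.0.0.1:8265 with a default User-Agent.
BROWSER_DIRECT = HttpRequest("POST", "/api/jobs/", {
    "Host": "127.0.0.1:8265",
    "Origin": "http://evil.example",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0",
})

# The rebinding case: the page was served from rebind.evil.example:8265, the
# name was then re-pointed at 127.0.0.1, and the page ran
#   fetch("/api/jobs/", {method: "POST", headers: {"User-Agent": "curl/8.5.0"}, ...})
# Firefox and Safari honour the User-Agent override; Host and Origin still carry
# the attacker's name.
REBINDING_ATTACK = HttpRequest("POST", "/api/jobs/", {
    "Host": "rebind.evil.example:8265",
    "Origin": "http://rebind.evil.example:8265",
    "User-Agent": "curl/8.5.0",
})


if __name__ == "__main__":
    for name, req in (("cli", CLI_SUBMIT), ("browser-direct", BROWSER_DIRECT),
                      ("dns-rebinding", REBINDING_ATTACK)):
        print(f"{name:15} {evaluate(req)}")
```

The rebinding request passes the weak gate because nothing in it says "Mozilla", and fails the hardened one on `Host` alone; the `Origin` check is what stops the simpler cross-site POST. Neither gate replaces authentication on the endpoint, which is the only thing that also stops a non-browser attacker on the same network.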
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:48:58.319692+00:00 | GitLab Importer | Affected by | VCID-kd8z-ysxx-d3gd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2025-34351.yml | 38.6.0 |
| 2026-06-02T04:48:57.761901+00:00 | GitLab Importer | Fixing | VCID-c8b7-h6ah-v7au | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ray/CVE-2025-62593.yml | 38.6.0 |