Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ray@2.9.1

Type pypi

Namespace

Name ray

Version 2.9.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.55.0

Latest_non_vulnerable_version 2.55.0

Affected_by_vulnerabilities

url VCID-43df-gr6k-5ygs

vulnerability_id VCID-43df-gr6k-5ygs

summary Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62593.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62593.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-62593

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.01959
published_at	2026-06-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.01962
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-62593

reference_url

https://docs.ray.io/en/releases-2.51.1/ray-security/index.html

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://docs.ray.io/en/releases-2.51.1/ray-security/index.html

reference_url

https://en.wikipedia.org/wiki/Malvertising

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://en.wikipedia.org/wiki/Malvertising

reference_url

https://github.com/nccgroup/singularity/pull/68

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/nccgroup/singularity/pull/68

reference_url

https://github.com/ray-project/ray/blob/e7889ae542bf0188610bc8b06d274cbf53790cbd/python/ray/dashboard/http_server_head.py#L184-L196

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ray-project/ray/blob/e7889ae542bf0188610bc8b06d274cbf53790cbd/python/ray/dashboard/http_server_head.py#L184-L196

reference_url

https://github.com/ray-project/ray/blob/f39a860436dca3ed5b9dfae84bd867ac10c84dc6/python/ray/dashboard/optional_utils.py#L129-L155

reference_id

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ray-project/ray/blob/f39a860436dca3ed5b9dfae84bd867ac10c84dc6/python/ray/dashboard/optional_utils.py#L129-L155

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2417394
reference_id	2417394
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2417394

reference_url

https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09

reference_id

70e7c72780bdec075dba6cad1afe0832772bfe09

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-28T18:21:16Z/

url

https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-62593

reference_id

CVE-2025-62593

reference_type

scores

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-62593

reference_url

https://github.com/advisories/GHSA-q279-jhrf-cc6v

reference_id

GHSA-q279-jhrf-cc6v

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q279-jhrf-cc6v

reference_url

https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v

reference_id

GHSA-q279-jhrf-cc6v

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-28T18:21:16Z/

url

https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v

reference_url	https://access.redhat.com/errata/RHSA-2025:23078
reference_id	RHSA-2025:23078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23078

reference_url	https://access.redhat.com/errata/RHSA-2025:23079
reference_id	RHSA-2025:23079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23079

reference_url	https://access.redhat.com/errata/RHSA-2025:23080
reference_id	RHSA-2025:23080
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23080

reference_url	https://access.redhat.com/errata/RHSA-2025:23204
reference_id	RHSA-2025:23204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23204

reference_url	https://access.redhat.com/errata/RHSA-2025:23531
reference_id	RHSA-2025:23531
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23531

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://access.redhat.com/errata/RHSA-2026:3713
reference_id	RHSA-2026:3713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3713

fixed_packages

url pkg:pypi/ray@2.52.0

purl pkg:pypi/ray@2.52.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bf2z-xe6r-zqgt

vulnerability	VCID-jrbh-pyq6-kqbb

vulnerability	VCID-p5j5-4rvx-93ax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ray@2.52.0

aliases CVE-2025-62593, GHSA-q279-jhrf-cc6v

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43df-gr6k-5ygs

url VCID-bf2z-xe6r-zqgt

vulnerability_id VCID-bf2z-xe6r-zqgt

summary Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding or same-network access can issue DELETE requests that shut down Serve or delete jobs without user interaction. This is a drive-by availability impact. The fix for this vulnerability is to update to Ray 2.54.0 or higher.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27482

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.19375
published_at	2026-06-12T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19206
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27482

reference_url

https://github.com/ray-project/ray/commit/0fda8b824cdc9dc6edd763bb28dfd7d1cc9b02a4

reference_id

0fda8b824cdc9dc6edd763bb28dfd7d1cc9b02a4

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:51:47Z/

url

https://github.com/ray-project/ray/commit/0fda8b824cdc9dc6edd763bb28dfd7d1cc9b02a4

reference_url

https://github.com/ray-project/ray/pull/60526

reference_id

60526

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:51:47Z/

url

https://github.com/ray-project/ray/pull/60526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-27482

reference_id

CVE-2026-27482

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-27482

reference_url

https://github.com/advisories/GHSA-q5fh-2hc8-f6rq

reference_id

GHSA-q5fh-2hc8-f6rq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q5fh-2hc8-f6rq

reference_url

https://github.com/ray-project/ray/security/advisories/GHSA-q5fh-2hc8-f6rq

reference_id

GHSA-q5fh-2hc8-f6rq

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:51:47Z/

url

https://github.com/ray-project/ray/security/advisories/GHSA-q5fh-2hc8-f6rq

reference_url

https://github.com/ray-project/ray/releases/tag/ray-2.54.0

reference_id

ray-2.54.0

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:51:47Z/

url

https://github.com/ray-project/ray/releases/tag/ray-2.54.0

fixed_packages

url pkg:pypi/ray@2.54.0

purl pkg:pypi/ray@2.54.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p5j5-4rvx-93ax

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ray@2.54.0

aliases CVE-2026-27482, GHSA-q5fh-2hc8-f6rq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bf2z-xe6r-zqgt

url

VCID-jrbh-pyq6-kqbb

vulnerability_id

VCID-jrbh-pyq6-kqbb

summary

Ray's New Token Authentication is Disabled By Default

references

reference_url

https://github.com/ray-project/ray/releases/tag/ray-2.52.0

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ray-project/ray/releases/tag/ray-2.52.0

reference_url

https://www.cve.org/resourcessupport/allresources/cnarules#section_4-1_Vulnerability_Determination

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cve.org/resourcessupport/allresources/cnarules#section_4-1_Vulnerability_Determination

reference_url

https://www.linkedin.com/posts/jonathan-leitschuh_the-latest-piece-of-mind-bending-research-activity-7396976425997606912-qizE

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.linkedin.com/posts/jonathan-leitschuh_the-latest-piece-of-mind-bending-research-activity-7396976425997606912-qizE

reference_url

https://www.oligo.security/blog/shadowray-2-0-attackers-turn-ai-against-itself-in-global-campaign-that-hijacks-ai-into-self-propagating-botnet

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oligo.security/blog/shadowray-2-0-attackers-turn-ai-against-itself-in-global-campaign-that-hijacks-ai-into-self-propagating-botnet

reference_url

https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild

reference_url

https://www.vulncheck.com/advisories/anyscale-ray-token-authentication-disabled-by-default-insecure-configuration

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.vulncheck.com/advisories/anyscale-ray-token-authentication-disabled-by-default-insecure-configuration

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-34351

reference_id

CVE-2025-34351

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-34351

reference_url

https://github.com/advisories/GHSA-gx77-xgc2-4888

reference_id

GHSA-gx77-xgc2-4888

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gx77-xgc2-4888

reference_url

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-w8vc-465m-jjw6

reference_id

GHSA-w8vc-465m-jjw6

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-w8vc-465m-jjw6

fixed_packages

aliases

CVE-2025-34351, GHSA-gx77-xgc2-4888

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-jrbh-pyq6-kqbb

url VCID-ryw5-w6de-97d2

vulnerability_id VCID-ryw5-w6de-97d2

summary Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only exploitable if: 1) Logging is enabled; 2) Redis is using password authentication; 3) Those logs are accessible to an attacker, who can reach that redis instance. **Note:** It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1979.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1979.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1979

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.19166
published_at	2026-06-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19001
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1979

reference_url	https://github.com/advisories/GHSA-w4rh-fgx7-q63m
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-w4rh-fgx7-q63m

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/ray/PYSEC-2025-23.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/ray/PYSEC-2025-23.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-1979

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-1979

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2350231
reference_id	2350231
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2350231

reference_url

https://github.com/ray-project/ray/issues/50266

reference_id

50266

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:13:32Z/

url

https://github.com/ray-project/ray/issues/50266

reference_url

https://github.com/ray-project/ray/pull/50409

reference_id

50409

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:13:32Z/

url

https://github.com/ray-project/ray/pull/50409

reference_url

https://github.com/ray-project/ray/commit/64a2e4010522d60b90c389634f24df77b603d85d

reference_id

64a2e4010522d60b90c389634f24df77b603d85d

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:13:32Z/

url

https://github.com/ray-project/ray/commit/64a2e4010522d60b90c389634f24df77b603d85d

reference_url

https://security.snyk.io/vuln/SNYK-PYTHON-RAY-8745212

reference_id

SNYK-PYTHON-RAY-8745212

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:13:32Z/

url

https://security.snyk.io/vuln/SNYK-PYTHON-RAY-8745212

fixed_packages

url pkg:pypi/ray@2.43.0

purl pkg:pypi/ray@2.43.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-43df-gr6k-5ygs

vulnerability	VCID-bf2z-xe6r-zqgt

vulnerability	VCID-jrbh-pyq6-kqbb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ray@2.43.0

aliases CVE-2025-1979, GHSA-w4rh-fgx7-q63m, PYSEC-2025-23

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ryw5-w6de-97d2

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ray@2.9.1

Package Instance