CRITICAL 9.3 PyPI
GHSA-3pww-qvr8-6mhp · CVE-2023-6021 Ray Path Traversal vulnerability
Modified: 1/9/2025
package
PyPI / ray
pkg:pypi/ray
CRITICAL 9.3 PyPI
GHSA-6cxr-8q3m-jwrr · CVE-2023-6020 Ray Missing Authorization vulnerability
Modified: 1/9/2025
CRITICAL 9.8 PyPI
GHSA-6wgj-66m2-xxp2 · CVE-2023-48022 Ray has arbitrary code execution via jobs submission API
Modified: 2/4/2026
CRITICAL PyPI
GHSA-gx77-xgc2-4888 · CVE-2025-34351 Ray's New Token Authentication is Disabled By Default
Modified: 2/4/2026
CRITICAL 9.8 PyPI
GHSA-h3xg-wv58-5p43 · CVE-2023-6019 Ray OS Command Injection vulnerability
Modified: 1/9/2025
HIGH 7.5 PyPI
GHSA-j3mh-qmjj-xp83 · CVE-2026-32981, PYSEC-2026-130 Ray Dashboard is vulnerable to path traversal through its static file handling mechanism
Modified: 6/9/2026
HIGH PyPI
GHSA-mw35-8rx3-xf9r · CVE-2026-41486 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
Modified: 5/13/2026
CRITICAL PyPI
GHSA-q279-jhrf-cc6v · CVE-2025-62593 Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Modified: 2/4/2026
MEDIUM 5.9 PyPI
GHSA-q5fh-2hc8-f6rq · CVE-2026-27482 Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Modified: 2/24/2026
MEDIUM 6.4 PyPI
GHSA-w4rh-fgx7-q63m · CVE-2025-1979, PYSEC-2025-23 ray vulnerable to Insertion of Sensitive Information into Log File
Modified: 2/4/2026
— PyPI
PYSEC-2025-23 · CVE-2025-1979, GHSA-w4rh-fgx7-q63m Modified: 6/10/2026
HIGH 7.5 PyPI
PYSEC-2026-130 · CVE-2026-32981, GHSA-j3mh-qmjj-xp83 Modified: 6/10/2026