| CVE-2026-41486 |
high |
8.8 |
8.8 |
|
|
|
26d ago |
Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization |
| CVE-2023-48022 |
unknown |
— |
1.0 |
|
|
|
3y ago |
Ray has arbitrary code execution via jobs submission API |
| CVE-2023-6020 |
unknown |
— |
1.0 |
|
|
|
3y ago |
Ray Missing Authorization vulnerability |
| CVE-2023-6019 |
unknown |
— |
1.0 |
|
|
|
3y ago |
Ray OS Command Injection vulnerability |
| CVE-2026-32981 |
unknown |
— |
— |
|
|
|
3mo ago |
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static fil… |
| CVE-2026-27482 |
unknown |
— |
— |
|
|
|
3mo ago |
Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion) |
| CVE-2025-34351 |
unknown |
— |
— |
|
|
|
6mo ago |
Ray's New Token Authentication is Disabled By Default |
| CVE-2025-62593 |
unknown |
— |
— |
|
|
|
6mo ago |
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack |
| CVE-2025-1979 |
unknown |
— |
— |
|
|
|
1y ago |
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is… |
| CVE-2024-57000 |
unknown |
— |
— |
|
|
|
1y ago |
Withdrawn Advisory: Command injection in Ray |
| CVE-2023-6021 |
unknown |
— |
— |
|
|
|
3y ago |
Ray Path Traversal vulnerability |
