Ray

This hub aggregates every CVE we track for Ray, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 11 most recently published vulnerabilities affecting Ray.

• CVE-2026-41486Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization8.8May 8, 2026
• CVE-2026-32981Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure7.5Mar 17, 2026
• CVE-2026-27482Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)5.9Feb 21, 2026
• CVE-2025-62593Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack9.6Nov 26, 2025
• CVE-2025-1979Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password ...6.4Mar 6, 2025
• CVE-2023-48023Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a ...9.1Nov 28, 2023
• CVE-2023-48022Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in i...9.8Nov 28, 2023
• CVE-2023-6020Ray Static File Local File Include7.5Nov 16, 2023
• CVE-2023-6019Ray Command Injection in cpu_profile Parameter9.8Nov 16, 2023
• CVE-2023-6021Ray Log File Local File Include7.5Nov 16, 2023
• CVE-2008-3166PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in...9.3Jul 14, 2008