Ray Support & Health

GHSA-3pww-qvr8-6mhp CVSS_V3

Ray Path Traversal vulnerability

Published: 2023-11-16 Fixed in: 2.8.1

GHSA-6cxr-8q3m-jwrr CVSS_V3

Ray Missing Authorization vulnerability

Published: 2023-11-16 Fixed in: 2.8.1

GHSA-6wgj-66m2-xxp2 CVSS_V3

Ray has arbitrary code execution via jobs submission API

Published: 2023-11-28 No fix available

GHSA-gx77-xgc2-4888 CVSS_V4

Ray's New Token Authentication is Disabled By Default

Published: 2025-11-27 No fix available

GHSA-h3xg-wv58-5p43 CVSS_V3

Ray OS Command Injection vulnerability

Published: 2023-11-16 Fixed in: 2.8.1

GHSA-mw35-8rx3-xf9r CVSS_V4

Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

Published: 2026-04-24 Fixed in: 2.55.0

GHSA-q279-jhrf-cc6v CVSS_V4

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Published: 2025-11-26 Fixed in: 2.52.0

GHSA-q5fh-2hc8-f6rq CVSS_V3

Ray dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)

Published: 2026-02-20 Fixed in: 2.54.0

GHSA-w4rh-fgx7-q63m CVSS_V3

ray vulnerable to Insertion of Sensitive Information into Log File

Published: 2025-03-06 Fixed in: 2.43.0

PYSEC-2025-23 Unknown

Published: 2025-03-06 Fixed in: 64a2e4010522d60b90c389634f24df77b603d85d

Ray