Lucene search
K

24 matches found

CVE
CVE
added 6 days ago19 views

CVE-2026-57516

Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...

8.8CVSS6.6AI score0.00483EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-516 Ray Missing Authorization vulnerability

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.3CVSS7AI score0.81512EPSS
Exploits22References7
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

Ray 2.49.0 < 2.55.0 Remote Code Execution (CVE-2026-41486)

The version of Ray installed on the remote host is = 2.49.0 and prior to 2.55.0. It is, therefore, affected by a remote code execution vulnerability: - Ray Data registers custom Arrow extension types globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, i...

8.9CVSS6.4AI score0.00473EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/03/17 9:31 p.m.7 views

aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1094 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)

ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:GHSA-J3MH-QMJJ-XP83...

8.7CVSS7.2AI score0.00929EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/17 8:16 p.m.10 views

aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1094 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)

ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:PYSEC-2026-130...

8.7CVSS7.2AI score0.00929EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/20 9:15 p.m.8 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +190 more potentially affected by CVE-2026-27482 via ray (>=2.0.0 <=2.53.0)

ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.3.1, =0.2.2, =1.1.1, =0.1.0, =0.1.0, =0.1.1 - autogenesis =0.0.1 and more Source cves: CVE-2026-27482 Source advisory: SNYK:PYTHON-RAY-15325639...

6.5CVSS5.7AI score0.00256EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/11/27 3:30 a.m.6 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +264 more potentially affected by CVE-2025-34351 via ray (>=0.5.0 <=2.51.2)

ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2025-34351 Source advisory: OSV:GHSA-GX77-XGC2-4888...

5.7AI score0.00474EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2025/11/26 10:44 p.m.11 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +171 more potentially affected by CVE-2025-62593 via ray (>=2.0.0 <=2.51.2)

ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.3.1, =0.2.2, =1.1.1, =0.5.3b20221011, =1.4.1b20251203 - autogluon-assistant =1.0.0 - autogluon-bench =0.2.0 and more Source cves: CVE-2025-62593 Source advisory: SNYK:PYTHON-RAY-14129882...

9.4CVSS6.6AI score0.00338EPSS
Exploits0
Snyk
Snyk
added 2025/11/26 10:44 p.m.4 views

Arbitrary Code Injection

Overview ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of the User-Agent header in browser requests. An attacker can execute arbitrary code on the host...

9.6CVSS7.9AI score0.00338EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/26 10:28 p.m.13 views

CVE-2025-62593 Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

9.4CVSS0.00338EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/11/26 7:35 p.m.6 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +264 more potentially affected by CVE-2025-62593 via ray (>=0.5.0 <=2.51.2)

ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2025-62593 Source advisory: OSV:GHSA-Q279-JHRF-CC6V...

9.4CVSS6.6AI score0.00338EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-3501

Malware in sbrugna...

6.8CVSS6.4AI score0.02098EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-2497

Malware in sbrugna...

7.5CVSS6.4AI score0.01359EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-6129

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00179EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/06/27 12:16 a.m.8 views

CVE-2025-45332

vkoskiv c-ray 1.1 contains a Null Pointer Dereference NPD vulnerability in the parsemtllib function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes...

7.5CVSS6.5AI score0.00324EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/03/06 6:30 a.m.24 views

ray vulnerable to Insertion of Sensitive Information into Log File

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...

6.4CVSS7.2AI score0.00179EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/03/06 6:30 a.m.20 views

GHSA-W4RH-FGX7-Q63M ray vulnerable to Insertion of Sensitive Information into Log File

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...

6.4CVSS7.2AI score0.00179EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2025/03/06 5:15 a.m.8 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +226 more potentially affected by CVE-2025-1979 via ray (>=0.5.0 <=2.42.1)

ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 - argos-trains =0.1.0 and more Source cves: CVE-2025-1979 Source advisory: OSV:PYSEC-2025-23...

6.4CVSS6.5AI score0.00179EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/11 4:10 a.m.7 views

ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +132 more potentially affected by CVE-2025-1979 via ray (>=2.0.0 <=2.42.1)

ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.2.2, =1.1.1, =0.5.3b20221011, =0.1.1b20230324, =0.4.2 and more Source cves: CVE-2025-1979 Source advisory: SNYK:PYTHON-RAY-8745212...

6.4CVSS6.5AI score0.00179EPSS
Exploits0
Snyk
Snyk
added 2025/02/11 4:10 a.m.5 views

Insertion of Sensitive Information into Log File

Overview ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as ...

6.4CVSS6.9AI score0.00179EPSS
Exploits0References2
Rows per page
Query Builder