21 matches found
Ray 2.49.0 < 2.55.0 Remote Code Execution (CVE-2026-41486)
The version of Ray installed on the remote host is = 2.49.0 and prior to 2.55.0. It is, therefore, affected by a remote code execution vulnerability: - Ray Data registers custom Arrow extension types globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension types, i...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1069 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:PYSEC-2026-130...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +190 more potentially affected by CVE-2026-27482 via ray (>=2.0.0 <=2.53.0)
ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.3.1, =0.2.2, =1.1.1, =0.1.0, =0.1.0, =0.1.1 - autogenesis =0.0.1 and more Source cves: CVE-2026-27482 Source advisory: SNYK:PYTHON-RAY-15325639...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +265 more potentially affected by CVE-2025-34351 via ray (>=0.5.0 <=2.51.2)
ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2025-34351 Source advisory: OSV:GHSA-GX77-XGC2-4888...
Arbitrary Code Injection
Overview: ray is a system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of the User-Agent header in browser requests. An attacker can execute arbitrary code on the host...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +171 more potentially affected by CVE-2025-62593 via ray (>=2.0.0 <=2.51.2)
ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.3.1, =0.2.2, =1.1.1, =0.5.3b20221011, =1.4.1b20251203 - autogluon-assistant =1.0.0 - autogluon-bench =0.2.0 and more Source cves: CVE-2025-62593 Source advisory: SNYK:PYTHON-RAY-14129882...
CVE-2025-62593 Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +265 more potentially affected by CVE-2025-62593 via ray (>=0.5.0 <=2.51.2)
ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2025-62593 Source advisory: OSV:GHSA-Q279-JHRF-CC6V...
EUVD-2008-2497
Malware in sbrugna...
EUVD-2011-3501
Malware in sbrugna...
EUVD-2025-6129
Malicious code in bioql PyPI...
CVE-2025-45332
vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parsemtllib function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes...
ray vulnerable to Insertion of Sensitive Information into Log File
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...
GHSA-W4RH-FGX7-Q63M ray vulnerable to Insertion of Sensitive Information into Log File
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +226 more potentially affected by CVE-2025-1979 via ray (>=0.5.0 <=2.42.1)
ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 - argos-trains =0.1.0 and more Source cves: CVE-2025-1979 Source advisory: OSV:PYSEC-2025-23...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +131 more potentially affected by CVE-2025-1979 via ray (>=2.0.0 <=2.42.1)
ray PYPI version =2.0.0, =0.0.1b1, =0.2.5, =0.2.2, =1.1.1, =0.5.3b20221011, =0.1.1b20230324, =0.4.2 and more Source cves: CVE-2025-1979 Source advisory: SNYK:PYTHON-RAY-8745212...
Insertion of Sensitive Information into Log File
Overview: ray is a system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as ...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +255 more potentially affected by CVE-2023-48022 via ray (>=0.5.0 <=2.49.2)
ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2023-48022 Source advisory: OSV:GHSA-6WGJ-66M2-XXP2...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1069 more potentially affected by CVE-2023-48022 +4 more via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2023-48022, CVE-2023-48023, CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 Source advisory: OSV:GHSA-6CXR-8Q3M-JWRR...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1069 more potentially affected by CVE-2023-48022 +4 more via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2023-48022, CVE-2023-48023, CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 Source advisory: OSV:GHSA-H3XG-WV58-5P43...