Browse all 7 CVE security advisories affecting ray-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ray-project is an open-source framework for building distributed applications, commonly used in machine learning and data processing environments. Historically, it has been susceptible to remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from improper input validation and insecure deserialization. The project has addressed multiple critical security issues, including a 2023 RCE vulnerability (CVE-2023-48022) that allowed attackers to execute arbitrary code through crafted serialized data. While no major public breaches have been reported, the consistent discovery of similar vulnerability classes suggests ongoing challenges in securing its distributed computing components.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41486 | Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization | ray | CWE-94 | - | - | 2026-05-08 |
| CVE-2026-32981 | Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure | Ray | CWE-22 | 7.5 | High | 2026-03-17 |
| CVE-2026-27482 | Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion) | ray | CWE-396 | 5.9 | Medium | 2026-02-21 |
| CVE-2025-62593 | Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack | ray | CWE-94 | 9.6 (AI) | Critical (AI) | 2025-11-26 |
| CVE-2023-6020 | Ray Static File Local File Include | ray-project/ray | CWE-862 | 7.5 | - | 2023-11-16 |
| CVE-2023-6019 | Ray Command Injection in cpu_profile Parameter | ray-project/ray | CWE-78 | 9.8 | Critical | 2023-11-16 |
| CVE-2023-6021 | Ray Log File Local File Include | ray-project/ray | CWE-29 | 7.5 | High | 2023-11-16 |
This page lists every published CVE security advisory associated with ray-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.