Latest version: v2.39.0
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| PVE-2023-63050 | 63050 |
Ray 2.9.0 upgrades grpc from 1.50.2 to 1.57.1 to include security pat… |
|
- | - |
| CVE-2023-6020 | 62649 |
Ray 2.8.1 includes a fix for CVE-2023-6020: LFI in Ray's /static/ dir… |
|
HIGH | 7.5 |
| CVE-2023-48023 | 62651 |
Ray 2.8.1 includes a fix for CVE-2023-48023: Anyscale Ray 2.6.3 and 2… |
|
CRITICAL | 9.1 |
| CVE-2023-6021 | 62650 |
Ray 2.8.1 includes a fix for CVE-2023-6021: LFI in Ray's log API endp… |
|
HIGH | 7.5 |
| CVE-2023-6019 | 62632 |
Ray 2.8.1 includes a fix for CVE-2023-6019: A command injection exist… |
|
CRITICAL | 9.8 |
| PVE-2024-70485 | 70485 |
Ray version 2.11.0 includes a fix for a race condition issue that occ… |
|
- | - |
| CVE-2021-45105 | 43437 |
Ray 1.9.2 updates its dependency 'log4j' to v2.17.0 to include a secu… |
|
MEDIUM | 5.9 |
| CVE-2021-44228 | 43413 |
Ray 1.9.1 updates its dependency 'log4j' to v2.16.0 to include securi… |
|
CRITICAL | 10.0 |
| CVE-2021-45046 | 43415 |
Ray 1.9.1 updates its dependency 'log4j' to v2.16.0 to include securi… |
|
CRITICAL | 9.0 |
| PVE-2021-42426 | 42426 |
Ray 1.8.0 fixes a race condition for the stats_fn when using multi-gp… |
|
HIDDEN | X.Y |
| CVE-2021-44832 | 44466 |
Ray 1.10.0 updates its dependency 'log4j' to v2.17.1 to include a sec… |
|
MEDIUM | 6.6 |
| CVE-2023-48022 | 65189 |
Ray allows a remote attacker to execute arbitrary code via the job su… |
|
CRITICAL | 9.8 |