PyPi: Ray

CVE-2025-1979

Safety vulnerability ID: 76318

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 06, 2025 Updated at Mar 28, 2025

Scan your Python projects for vulnerabilities →

Advisory

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password.

Affected package

ray

Latest version: 2.44.1

Ray provides a simple, universal API for building distributed applications.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-w4rh-fgx7-q63m
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1979

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application