Every CVE whose affected-product data names Anyscale Ray, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-48022 — CVSS 9.8 (critical): Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is…
CVE-2023-48023 — CVSS 9.1 (critical): Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated…
CVE-2026-41486 — CVSS 8.8 (high): Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types…
CVE-2026-57516 — CVSS 8.8 (high): Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code…
CVE-2026-32981 — CVSS 7.5 (high): A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper…
CVE-2026-27482 — CVSS 5.9 (medium): Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover…