Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-4f3f-g24h-fr8m | PyPI/keras | Keras has an untrusted deserialization vulnerability | 4 days ago | Fix available; Severity - 8.8 (High) |
| GHSA-3m4q-jmj6-r34q | PyPI/keras | Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading | 18 Feb | Fix available; Severity - 7.1 (High) |
| GHSA-xfhx-r7ww-5995 | PyPI/keras | Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component | 15 Jan | Fix available; Severity - 7.1 (High) |
| GHSA-hjqc-jx6g-rwp9 | PyPI/keras | Keras Directory Traversal Vulnerability | 02 Dec 2025 | Fix available; Severity - 8.9 (High) |
| GHSA-mq84-hjqx-cwf2 | PyPI/keras | Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery | 29 Oct 2025 | Fix available; Severity - 5.9 (Medium) |
| GHSA-cvhh-q5g5-qprp | PyPI/keras | Keras framework vulnerable to deserialization of untrusted data | 17 Oct 2025 | Fix available; Severity - 9.8 (Critical) |
| GHSA-36rr-ww3j-vrjv | PyPI/keras | The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded. | 19 Sep 2025 | Fix available; Severity - 8.7 (High) |
| GHSA-36fq-jgmw-4r9c | PyPI/keras | Keras is vulnerable to Deserialization of Untrusted Data | 19 Sep 2025 | Fix available; Severity - 8.7 (High) |
| GHSA-c9rc-mg46-23w3 | PyPI/keras | Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality | 12 Aug 2025 | Fix available; Severity - 8.8 (High) |
| GHSA-48g7-3x6r-xfhp | PyPI/keras | Arbitrary Code Execution via Crafted Keras Config for Model Loading | 11 Mar 2025 | Fix available; Severity - 7.3 (High) |
| GHSA-cjgq-5qmw-rcj6 | PyPI/keras | keras Path Traversal vulnerability | 08 Jan 2025 | No fix available; Severity - 5.5 (Medium) |
| MAL-2024-10649 | PyPI/keras-preprocess | Malicious code in keras-preprocess (PyPI) | 06 Nov 2024 | No fix available |
| GHSA-x4wf-678h-2pmq | PyPI/keras | Keras code injection vulnerability | 16 Apr 2024 | Fix available; Severity - 9.3 (Critical) |
| MAL-2023-1383 | PyPI/opencv-keras | Malicious code in opencv-keras (PyPI) | 20 May 2023 | No fix available |
| MAL-2023-1373 | PyPI/keras-arg | Malicious code in keras-arg (PyPI) | 20 May 2023 | No fix available |
| MAL-2023-1374 | PyPI/keras-beautifulsoup | Malicious code in keras-beautifulsoup (PyPI) | 20 May 2023 | No fix available |