from 0
CRITICAL9.8CVE-2025-49655Keras framework vulnerable to deserialization of untrusted data from 0
from 0
HIGH8.8Keras has an untrusted deserialization vulnerability
from 0
HIGH8.1Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/fil…
from 0
HIGH8.0Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives.
from 0
HIGH7.5Duplicate Advisory: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component
from 0
HIGH7.3The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
from 0
HIGH7.3Keras is vulnerable to Deserialization of Untrusted Data
from 0
HIGH7.1Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)
from 0
MEDIUM6.5keras Path Traversal vulnerability
from 0
—Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
from 0