pkg:PyPI/keras

All known vulnerabilities

• CRITICAL9.8CVE-2025-12060Keras Directory Traversal Vulnerability
  from 0, < 3.12.0
• CRITICAL9.8CVE-2025-49655Keras framework vulnerable to deserialization of untrusted data
  >= 3.11.0, < 3.11.3
• CRITICAL9.8CVE-2025-1550Arbitrary Code Execution via Crafted Keras Config for Model Loading
  >= 3.0.0, < 3.8.0
• CRITICAL9.8Arbitrary Code Execution via Crafted Keras Config for Model Loading
  >= 3.0.0, < 3.9.0
• CRITICAL9.8Keras code injection vulnerability
  from 0, < 2.13.1rc0
• HIGH8.8Keras has an untrusted deserialization vulnerability
  from 0, < 3.13.2
• HIGH8.8Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
  >= 3.0.0, < 3.11.0
• HIGH8.8Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
• HIGH7.5Duplicate Advisory: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component
  >= 3.0.0, < 3.13.1
• HIGH7.5Duplicate Advisory: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component
  >= 3.0.0, < 3.12.1
• HIGH7.5Duplicate Advisory: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component
  >= 3.0.0, < 3.12.1
• HIGH7.3The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
  >= 3.0.0, < 3.11.3
• HIGH7.3The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
  >= 3.0.0, < 3.11.3
• HIGH7.3Keras is vulnerable to Deserialization of Untrusted Data
• HIGH7.3Keras is vulnerable to Deserialization of Untrusted Data
  from 0, < 3.11.0
• HIGH7.1Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)
  >= 3.13.0, < 3.13.2
• HIGH7.1Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)
  >= 3.0.0, <= 3.13.1
• MEDIUM6.5keras Path Traversal vulnerability
  from 0, <= 3.7.0
• MEDIUM6.5keras Path Traversal vulnerability
  from 0, <= 3.7.0
• —Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
  from 0, < 3.12.0