Package impact

PyPI / keras

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-0897	high	—	8.0				28d ago	Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (…
CVE-2025-1550	unknown	—	1.0				1y ago	The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the a…
CVE-2026-1462	unknown	—	—				2mo ago	A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `s…
CVE-2026-1669	unknown	—	—				4mo ago	Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)
CVE-2025-12060	unknown	—	—				6mo ago	Keras Directory Traversal Vulnerability
CVE-2025-12058	unknown	—	—				7mo ago	Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
CVE-2025-49655	unknown	—	—				8mo ago	Keras framework vulnerable to deserialization of untrusted data
CVE-2025-9905	unknown	—	—				9mo ago	The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Mod…
CVE-2025-9906	unknown	—	—				9mo ago	Keras is vulnerable to Deserialization of Untrusted Data
CVE-2025-8747	unknown	—	—				10mo ago	Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
CVE-2024-55459	unknown	—	—				1y ago	An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
CVE-2024-3660	unknown	—	—				2y ago	Keras code injection vulnerability