HIGH 7.3 PyPI
GHSA-36fq-jgmw-4r9c · CVE-2025-9906, PYSEC-2025-76 Keras is vulnerable to Deserialization of Untrusted Data
Modified: 5/29/2026
package
PyPI / keras
pkg:pypi/keras
HIGH PyPI
GHSA-36rr-ww3j-vrjv · CVE-2025-9905, PYSEC-2025-123 The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
Modified: 5/20/2026
HIGH 7.1 PyPI
GHSA-3m4q-jmj6-r34q · CVE-2026-1669 Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
Modified: 2/22/2026
HIGH PyPI
GHSA-48g7-3x6r-xfhp · CVE-2025-1550, PYSEC-2025-122 Arbitrary Code Execution via Crafted Keras Config for Model Loading
Modified: 5/20/2026
HIGH 8.8 PyPI
GHSA-4f3f-g24h-fr8m · CVE-2026-1462 Keras has an untrusted deserialization vulnerability
Modified: 5/18/2026
HIGH 8.8 PyPI
GHSA-c9rc-mg46-23w3 · CVE-2025-8747, PYSEC-2025-75 Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
Modified: 5/29/2026
MEDIUM PyPI
GHSA-cjgq-5qmw-rcj6 · CVE-2024-55459, PYSEC-2025-121 keras Path Traversal vulnerability
Modified: 5/20/2026
CRITICAL 9.8 PyPI
GHSA-cvhh-q5g5-qprp · CVE-2025-49655 Keras framework vulnerable to deserialization of untrusted data
Modified: 10/17/2025
CRITICAL 9.8 PyPI
GHSA-hjqc-jx6g-rwp9 · CVE-2025-12060 Keras Directory Traversal Vulnerability
Modified: 12/2/2025
HIGH PyPI
GHSA-mgx6-5cf9-rr43 · CVE-2026-0897, PYSEC-2026-73 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)
Modified: 5/20/2026
MEDIUM PyPI
GHSA-mq84-hjqx-cwf2 · CVE-2025-12058, GHSA-qg93-c7p6-gg7f Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
Modified: 3/12/2026
CRITICAL 9.8 PyPI
GHSA-x4wf-678h-2pmq · CVE-2024-3660 Keras code injection vulnerability
Modified: 8/2/2024
MEDIUM 6.5 PyPI
PYSEC-2025-121 · CVE-2024-55459, GHSA-cjgq-5qmw-rcj6 Modified: 5/21/2026
CRITICAL 9.8 PyPI
PYSEC-2025-122 · CVE-2025-1550, GHSA-48g7-3x6r-xfhp Modified: 5/20/2026
HIGH 7.3 PyPI
PYSEC-2025-123 · CVE-2025-9905, GHSA-36rr-ww3j-vrjv Modified: 5/20/2026
HIGH 7.8 PyPI
PYSEC-2025-75 · CVE-2025-8747, GHSA-c9rc-mg46-23w3 Modified: 5/19/2026
HIGH 7.3 PyPI
PYSEC-2025-76 · CVE-2025-9906, GHSA-36fq-jgmw-4r9c Modified: 5/19/2026
HIGH 7.5 PyPI
PYSEC-2026-73 · CVE-2026-0897, GHSA-mgx6-5cf9-rr43 Modified: 5/20/2026