Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/keras@3.0.2

Type pypi

Namespace

Name keras

Version 3.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.13.2

Latest_non_vulnerable_version 3.13.2

Affected_by_vulnerabilities

url VCID-1xj9-1kng-8ua4

vulnerability_id VCID-1xj9-1kng-8ua4

summary Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0897.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0897.json

reference_url

https://github.com/keras-team/keras

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras

reference_url

https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6

reference_url

https://github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb

reference_url

https://github.com/keras-team/keras/pull/21880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/pull/21880

reference_url

https://github.com/keras-team/keras/pull/22081

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/pull/22081

reference_url

https://github.com/keras-team/keras/security/advisories/GHSA-mgx6-5cf9-rr43

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/security/advisories/GHSA-mgx6-5cf9-rr43

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2430027
reference_id	2430027
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2430027

reference_url	https://access.redhat.com/errata/RHSA-2026:3713
reference_id	RHSA-2026:3713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3713

reference_url	https://access.redhat.com/errata/RHSA-2026:3782
reference_id	RHSA-2026:3782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3782

reference_url	https://access.redhat.com/errata/RHSA-2026:4271
reference_id	RHSA-2026:4271
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4271

fixed_packages

url pkg:pypi/keras@3.12.1

purl pkg:pypi/keras@3.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.1

url pkg:pypi/keras@3.13.1

purl pkg:pypi/keras@3.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptyp-n4df-aqf1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.1

url	pkg:pypi/keras@3.13.2
purl	pkg:pypi/keras@3.13.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.2

aliases CVE-2026-0897, GHSA-mgx6-5cf9-rr43, PYSEC-2026-73

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xj9-1kng-8ua4

url VCID-dy5p-938j-d7fr

vulnerability_id VCID-dy5p-938j-d7fr

summary

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.

One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.

This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives.

Note that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9905.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9905.json

reference_url

https://github.com/keras-team/keras

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras

reference_url

https://github.com/keras-team/keras/pull/21602

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/pull/21602

reference_url

https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2396645
reference_id	2396645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2396645

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-9905

reference_id

CVE-2025-9905

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-9905

reference_url	https://github.com/advisories/GHSA-36rr-ww3j-vrjv
reference_id	GHSA-36rr-ww3j-vrjv
reference_type
scores
url	https://github.com/advisories/GHSA-36rr-ww3j-vrjv

reference_url	https://access.redhat.com/errata/RHSA-2025:22759
reference_id	RHSA-2025:22759
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22759

reference_url	https://access.redhat.com/errata/RHSA-2025:23531
reference_id	RHSA-2025:23531
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23531

fixed_packages

url pkg:pypi/keras@3.11.3

purl pkg:pypi/keras@3.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.3

aliases CVE-2025-9905, GHSA-36rr-ww3j-vrjv, PYSEC-2025-123

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dy5p-938j-d7fr

url VCID-gu8d-jjtb-zuau

vulnerability_id VCID-gu8d-jjtb-zuau

summary The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1550.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1550.json

reference_url

https://github.com/keras-team/keras

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras

reference_url

https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903

reference_url

https://github.com/keras-team/keras/pull/20751

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/pull/20751

reference_url

https://github.com/keras-team/keras/releases/tag/v3.9.0

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/releases/tag/v3.9.0

reference_url

https://towerofhanoi.it/writeups/cve-2025-1550/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://towerofhanoi.it/writeups/cve-2025-1550/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2351304
reference_id	2351304
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2351304

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-1550

reference_id

CVE-2025-1550

reference_type

scores

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-1550

reference_url	https://github.com/advisories/GHSA-48g7-3x6r-xfhp
reference_id	GHSA-48g7-3x6r-xfhp
reference_type
scores
url	https://github.com/advisories/GHSA-48g7-3x6r-xfhp

reference_url

https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp

reference_id

GHSA-48g7-3x6r-xfhp

reference_type

scores

value	7.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp

fixed_packages

url pkg:pypi/keras@3.8.0

purl pkg:pypi/keras@3.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.8.0

url pkg:pypi/keras@3.9.0

purl pkg:pypi/keras@3.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.9.0

aliases CVE-2025-1550, GHSA-48g7-3x6r-xfhp, PYSEC-2025-122

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gu8d-jjtb-zuau

Fixing_vulnerabilities

Risk_score 4.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.0.2

Package Instance