Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/keras@3.12.2

Type pypi

Namespace

Name keras

Version 3.12.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-1xj9-1kng-8ua4

vulnerability_id VCID-1xj9-1kng-8ua4

summary Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

references

reference_url

https://github.com/keras-team/keras/pull/21880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/keras-team/keras/pull/21880

fixed_packages

url pkg:pypi/keras@3.13.1

purl pkg:pypi/keras@3.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptyp-n4df-aqf1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.1

aliases CVE-2026-0897, PYSEC-2026-73

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xj9-1kng-8ua4

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.2

Package Instance