Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/732385?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/732385?format=api", "purl": "pkg:pypi/keras@1.0.8", "type": "pypi", "namespace": "", "name": "keras", "version": "1.0.8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.13.2", "latest_non_vulnerable_version": "3.13.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49319?format=api", "vulnerability_id": "VCID-1wr2-9bym-kke5", "summary": "Keras Directory Traversal Vulnerability\nKeras's `keras.utils.get_file()` function is vulnerable to directory traversal attacks despite implementing `filter_safe_paths()`. The vulnerability exists because `extract_archive()` uses Python's `tarfile.extractall()` method without the security-critical `filter=\"data\"` parameter. A PATH_MAX symlink resolution bug occurs before path filtering, allowing malicious tar archives to bypass security checks and write files outside the intended extraction directory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12060.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28083", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28132", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12060" }, { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951" }, { "reference_url": "https://github.com/keras-team/keras/pull/21760", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-01T03:55:52Z/" } ], "url": "https://github.com/keras-team/keras/pull/21760" }, { "reference_url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443", "reference_id": "2407443", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060", "reference_id": "CVE-2025-12060", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638", "reference_id": "CVE-2025-12638", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638" }, { "reference_url": "https://github.com/advisories/GHSA-hjqc-jx6g-rwp9", "reference_id": "GHSA-hjqc-jx6g-rwp9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hjqc-jx6g-rwp9" }, { "reference_url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9", "reference_id": "GHSA-hjqc-jx6g-rwp9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-01T03:55:52Z/" } ], "url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22759", "reference_id": "RHSA-2025:22759", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22759" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23531", "reference_id": "RHSA-2025:23531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5807", "reference_id": "RHSA-2026:5807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5807" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47087?format=api", "purl": "pkg:pypi/keras@3.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xj9-1kng-8ua4" }, { "vulnerability": "VCID-aw3f-8xuy-d3gw" }, { "vulnerability": "VCID-ptyp-n4df-aqf1" }, { "vulnerability": "VCID-zsjb-zbnj-z3d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0" } ], "aliases": [ "CVE-2025-12060", "GHSA-hjqc-jx6g-rwp9" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1wr2-9bym-kke5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47487?format=api", "vulnerability_id": "VCID-3sjs-86sn-fbe2", "summary": "Keras code injection vulnerability\nA arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.59211", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.59207", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3660" }, { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/compare/r2.12...r2.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/compare/r2.12...r2.13" }, { "reference_url": "https://kb.cert.org/vuls/id/253266", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-29T19:29:38Z/" } ], "url": "https://kb.cert.org/vuls/id/253266" }, { "reference_url": "https://www.kb.cert.org/vuls/id/253266", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-29T19:29:38Z/" } ], "url": "https://www.kb.cert.org/vuls/id/253266" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3660", "reference_id": "CVE-2024-3660", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3660" }, { "reference_url": "https://github.com/advisories/GHSA-x4wf-678h-2pmq", "reference_id": "GHSA-x4wf-678h-2pmq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4wf-678h-2pmq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69795?format=api", "purl": "pkg:pypi/keras@2.13.1rc0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wr2-9bym-kke5" }, { "vulnerability": "VCID-4mb7-t1tm-eqf8" }, { "vulnerability": "VCID-4tbn-aaek-rkb9" }, { "vulnerability": "VCID-64yr-ww4w-ckdr" }, { "vulnerability": "VCID-aw3f-8xuy-d3gw" }, { "vulnerability": "VCID-c11z-ye25-k7eh" }, { "vulnerability": "VCID-h5tb-645a-3fdv" }, { "vulnerability": "VCID-x454-t8qh-k7g1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@2.13.1rc0" } ], "aliases": [ "CVE-2024-3660", "GHSA-x4wf-678h-2pmq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sjs-86sn-fbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49274?format=api", "vulnerability_id": "VCID-4mb7-t1tm-eqf8", "summary": "Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references.\n\n### Original Description\nKeras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12638.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12638.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09339", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0932", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12638" }, { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951" }, { "reference_url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-28T15:07:39Z/" } ], "url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417711", "reference_id": "2417711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417711" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638", "reference_id": "CVE-2025-12638", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638" }, { "reference_url": "https://github.com/advisories/GHSA-9g7v-8wxv-mwxp", "reference_id": "GHSA-9g7v-8wxv-mwxp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9g7v-8wxv-mwxp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23531", "reference_id": "RHSA-2025:23531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4271", "reference_id": "RHSA-2026:4271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5807", "reference_id": "RHSA-2026:5807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5807" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47087?format=api", "purl": "pkg:pypi/keras@3.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xj9-1kng-8ua4" }, { "vulnerability": "VCID-aw3f-8xuy-d3gw" }, { "vulnerability": "VCID-ptyp-n4df-aqf1" }, { "vulnerability": "VCID-zsjb-zbnj-z3d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0" } ], "aliases": [ "CVE-2025-12638", "GHSA-9g7v-8wxv-mwxp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mb7-t1tm-eqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56790?format=api", "vulnerability_id": "VCID-4tbn-aaek-rkb9", "summary": "Duplicate Advisory: Keras arbitrary code execution vulnerability\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-48g7-3x6r-xfhp. This link is maintained to preserve external references.\n\n# Original Description\n\nThe Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.", "references": [ { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903" }, { "reference_url": "https://github.com/keras-team/keras/pull/20751", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/pull/20751" }, { "reference_url": "https://github.com/keras-team/keras/releases/tag/v3.9.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/releases/tag/v3.9.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1550", "reference_id": "CVE-2025-1550", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1550" }, { "reference_url": "https://github.com/advisories/GHSA-5478-v2w6-c6q7", "reference_id": "GHSA-5478-v2w6-c6q7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5478-v2w6-c6q7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46353?format=api", "purl": "pkg:pypi/keras@3.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wr2-9bym-kke5" }, { "vulnerability": "VCID-1xj9-1kng-8ua4" }, { "vulnerability": "VCID-4mb7-t1tm-eqf8" }, { "vulnerability": "VCID-64yr-ww4w-ckdr" }, { "vulnerability": "VCID-aw3f-8xuy-d3gw" }, { "vulnerability": "VCID-c11z-ye25-k7eh" }, { "vulnerability": "VCID-cmug-fp72-8qc4" }, { "vulnerability": "VCID-d61w-bj6k-9kc9" }, { "vulnerability": "VCID-dy5p-938j-d7fr" }, { "vulnerability": "VCID-h5tb-645a-3fdv" }, { "vulnerability": "VCID-ptyp-n4df-aqf1" }, { "vulnerability": "VCID-rgqk-3hht-h3dc" }, { "vulnerability": "VCID-zsjb-zbnj-z3d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.9.0" } ], "aliases": [ "GHSA-5478-v2w6-c6q7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tbn-aaek-rkb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37114?format=api", "vulnerability_id": "VCID-64yr-ww4w-ckdr", "summary": "The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .keras model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special config.json (a file within the .keras archive) that will invoke keras.config.enable_unsafe_deserialization() to disable safe mode. Once safe mode is disable, one can use the Lambda layer feature of keras, which allows arbitrary Python code in the form of pickled code. Both can appear in the same archive. Simply the keras.config.enable_unsafe_deserialization() needs to appear first in the archive and the Lambda with arbitrary code needs to be second.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9906.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9906.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21156", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21169", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9906" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9906", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9906" }, { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858" }, { "reference_url": "https://github.com/keras-team/keras/pull/21429", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-20T03:55:42Z/" } ], "url": "https://github.com/keras-team/keras/pull/21429" }, { "reference_url": "https://github.com/keras-team/keras/releases/tag/v3.11.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/releases/tag/v3.11.0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-76.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-76.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396644", "reference_id": "2396644", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396644" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9906", "reference_id": "CVE-2025-9906", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9906" }, { "reference_url": "https://osv.dev/vulnerability/CVE-2025-9906", "reference_id": "CVE-2025-9906", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://osv.dev/vulnerability/CVE-2025-9906" }, { "reference_url": "https://github.com/advisories/GHSA-36fq-jgmw-4r9c", "reference_id": "GHSA-36fq-jgmw-4r9c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-36fq-jgmw-4r9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23531", "reference_id": "RHSA-2025:23531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23531" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/46357?format=api", "purl": "pkg:pypi/keras@3.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wr2-9bym-kke5" }, { "vulnerability": "VCID-1xj9-1kng-8ua4" }, { "vulnerability": "VCID-4mb7-t1tm-eqf8" }, { "vulnerability": "VCID-aw3f-8xuy-d3gw" }, { "vulnerability": "VCID-c11z-ye25-k7eh" }, { "vulnerability": "VCID-cmug-fp72-8qc4" }, { "vulnerability": "VCID-dy5p-938j-d7fr" }, { "vulnerability": "VCID-h5tb-645a-3fdv" }, { "vulnerability": "VCID-ptyp-n4df-aqf1" }, { "vulnerability": "VCID-zj76-dr8t-47d2" }, { "vulnerability": "VCID-zsjb-zbnj-z3d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.0" } ], "aliases": [ "CVE-2025-9906", "GHSA-36fq-jgmw-4r9c", "PYSEC-2025-76" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64yr-ww4w-ckdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62851?format=api", "vulnerability_id": "VCID-aw3f-8xuy-d3gw", "summary": "keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1462.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21703", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21716", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1462" }, { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-13T18:53:01Z/" } ], "url": "https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f" }, { "reference_url": "https://github.com/keras-team/keras/pull/22035", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/pull/22035" }, { "reference_url": "https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-13T18:53:01Z/" } ], "url": "https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1462", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457856", "reference_id": "2457856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457856" }, { "reference_url": "https://github.com/advisories/GHSA-4f3f-g24h-fr8m", "reference_id": "GHSA-4f3f-g24h-fr8m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4f3f-g24h-fr8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74109?format=api", "purl": "pkg:pypi/keras@3.13.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.2" } ], "aliases": [ "CVE-2026-1462", "GHSA-4f3f-g24h-fr8m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aw3f-8xuy-d3gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48306?format=api", "vulnerability_id": "VCID-c11z-ye25-k7eh", "summary": "Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references.\n\n### Original Description\nThe keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517. Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).", "references": [ { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951" }, { "reference_url": "https://github.com/keras-team/keras/pull/21760", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/pull/21760" }, { "reference_url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060", "reference_id": "CVE-2025-12060", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060" }, { "reference_url": "https://github.com/advisories/GHSA-28jp-44vh-q42h", "reference_id": "GHSA-28jp-44vh-q42h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-28jp-44vh-q42h" }, { "reference_url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9", "reference_id": "GHSA-hjqc-jx6g-rwp9", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47087?format=api", "purl": "pkg:pypi/keras@3.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xj9-1kng-8ua4" }, { "vulnerability": "VCID-aw3f-8xuy-d3gw" }, { "vulnerability": "VCID-ptyp-n4df-aqf1" }, { "vulnerability": "VCID-zsjb-zbnj-z3d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0" } ], "aliases": [ "GHSA-28jp-44vh-q42h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c11z-ye25-k7eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48199?format=api", "vulnerability_id": "VCID-h5tb-645a-3fdv", "summary": "Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery\nThe Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\n\n\nThis vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.\n\n* Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer's configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.\n\n\n* Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server's behalf, resulting in an SSRF condition.\n\n\nThe security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12058.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23493", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23509", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12058" }, { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/commit/61ac8c1e51862c471dee7b49029c356f55531487", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/commit/61ac8c1e51862c471dee7b49029c356f55531487" }, { "reference_url": "https://github.com/keras-team/keras/pull/21751", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:07:04Z/" } ], "url": "https://github.com/keras-team/keras/pull/21751" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2025-12058", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-12058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407019", "reference_id": "2407019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407019" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12058", "reference_id": "CVE-2025-12058", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12058" }, { "reference_url": "https://github.com/advisories/GHSA-mq84-hjqx-cwf2", "reference_id": "GHSA-mq84-hjqx-cwf2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mq84-hjqx-cwf2" }, { "reference_url": "https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f", "reference_id": "GHSA-qg93-c7p6-gg7f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:07:04Z/" } ], "url": "https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47087?format=api", "purl": "pkg:pypi/keras@3.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xj9-1kng-8ua4" }, { "vulnerability": "VCID-aw3f-8xuy-d3gw" }, { "vulnerability": "VCID-ptyp-n4df-aqf1" }, { "vulnerability": "VCID-zsjb-zbnj-z3d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0" } ], "aliases": [ "CVE-2025-12058", "GHSA-mq84-hjqx-cwf2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5tb-645a-3fdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36956?format=api", "vulnerability_id": "VCID-x454-t8qh-k7g1", "summary": "An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35201", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35186", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55459" }, { "reference_url": "https://github.com/keras-team/keras", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:32:15Z/" } ], "url": "https://github.com/keras-team/keras" }, { "reference_url": "https://github.com/keras-team/keras/blob/8f5592bcb61ff48c96560c8923e482db1076b54a/keras/src/utils/file_utils.py#L115", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keras-team/keras/blob/8f5592bcb61ff48c96560c8923e482db1076b54a/keras/src/utils/file_utils.py#L115" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-121.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-121.yaml" }, { "reference_url": "https://keras.io", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:32:15Z/" } ], "url": "https://keras.io" }, { "reference_url": "https://river-bicycle-f1e.notion.site/Arbitrary-File-Write-Vulnerability-in-get_file-function-11888e31952580179224e50892976d32", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:32:15Z/" } ], "url": "https://river-bicycle-f1e.notion.site/Arbitrary-File-Write-Vulnerability-in-get_file-function-11888e31952580179224e50892976d32" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336426", "reference_id": "2336426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336426" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55459", "reference_id": "CVE-2024-55459", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55459" }, { "reference_url": "https://github.com/advisories/GHSA-cjgq-5qmw-rcj6", "reference_id": "GHSA-cjgq-5qmw-rcj6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cjgq-5qmw-rcj6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44632?format=api", "purl": "pkg:pypi/keras@3.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wr2-9bym-kke5" }, { "vulnerability": "VCID-1xj9-1kng-8ua4" }, { "vulnerability": "VCID-4mb7-t1tm-eqf8" }, { "vulnerability": "VCID-4tbn-aaek-rkb9" }, { "vulnerability": "VCID-64yr-ww4w-ckdr" }, { "vulnerability": "VCID-aw3f-8xuy-d3gw" }, { "vulnerability": "VCID-c11z-ye25-k7eh" }, { "vulnerability": "VCID-cmug-fp72-8qc4" }, { "vulnerability": "VCID-d61w-bj6k-9kc9" }, { "vulnerability": "VCID-dy5p-938j-d7fr" }, { "vulnerability": "VCID-gu8d-jjtb-zuau" }, { "vulnerability": "VCID-h5tb-645a-3fdv" }, { "vulnerability": "VCID-ptyp-n4df-aqf1" }, { "vulnerability": "VCID-rgqk-3hht-h3dc" }, { "vulnerability": "VCID-zsjb-zbnj-z3d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.8.0" } ], "aliases": [ "CVE-2024-55459", "GHSA-cjgq-5qmw-rcj6", "PYSEC-2025-121" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x454-t8qh-k7g1" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keras@1.0.8" }