Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1xj9-1kng-8ua4

Summary Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

Aliases

alias	CVE-2026-0897

alias	PYSEC-2026-73

Fixed_packages

url pkg:pypi/keras@3.13.1

purl pkg:pypi/keras@3.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptyp-n4df-aqf1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.1

Affected_packages

url pkg:pypi/keras@3.0.0

purl pkg:pypi/keras@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-cmug-fp72-8qc4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

vulnerability	VCID-ptyp-n4df-aqf1

vulnerability	VCID-zsjb-zbnj-z3d8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.0.0

url pkg:pypi/keras@3.0.1

purl pkg:pypi/keras@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.0.1

url pkg:pypi/keras@3.0.2

purl pkg:pypi/keras@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.0.2

url pkg:pypi/keras@3.0.3

purl pkg:pypi/keras@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.0.3

url pkg:pypi/keras@3.0.4

purl pkg:pypi/keras@3.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.0.4

url pkg:pypi/keras@3.0.5

purl pkg:pypi/keras@3.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.0.5

url pkg:pypi/keras@3.1.0

purl pkg:pypi/keras@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.1.0

url pkg:pypi/keras@3.1.1

purl pkg:pypi/keras@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.1.1

url pkg:pypi/keras@3.2.0

purl pkg:pypi/keras@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.2.0

url pkg:pypi/keras@3.2.1

purl pkg:pypi/keras@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.2.1

url pkg:pypi/keras@3.3.0

purl pkg:pypi/keras@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.3.0

url pkg:pypi/keras@3.3.1

purl pkg:pypi/keras@3.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.3.1

url pkg:pypi/keras@3.3.2

purl pkg:pypi/keras@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.3.2

url pkg:pypi/keras@3.3.3

purl pkg:pypi/keras@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.3.3

url pkg:pypi/keras@3.4.0

purl pkg:pypi/keras@3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.4.0

url pkg:pypi/keras@3.4.1

purl pkg:pypi/keras@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.4.1

url pkg:pypi/keras@3.5.0

purl pkg:pypi/keras@3.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.5.0

url pkg:pypi/keras@3.6.0

purl pkg:pypi/keras@3.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.6.0

url pkg:pypi/keras@3.7.0

purl pkg:pypi/keras@3.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-gu8d-jjtb-zuau

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.7.0

url pkg:pypi/keras@3.8.0

purl pkg:pypi/keras@3.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.8.0

url pkg:pypi/keras@3.9.0

purl pkg:pypi/keras@3.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.9.0

url pkg:pypi/keras@3.9.1

purl pkg:pypi/keras@3.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.9.1

url pkg:pypi/keras@3.9.2

purl pkg:pypi/keras@3.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.9.2

url pkg:pypi/keras@3.10.0

purl pkg:pypi/keras@3.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.10.0

url pkg:pypi/keras@3.11.0

purl pkg:pypi/keras@3.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

vulnerability	VCID-zj76-dr8t-47d2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.0

url pkg:pypi/keras@3.11.1

purl pkg:pypi/keras@3.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.1

url pkg:pypi/keras@3.11.2

purl pkg:pypi/keras@3.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-dy5p-938j-d7fr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.2

url pkg:pypi/keras@3.11.3

purl pkg:pypi/keras@3.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.3

url pkg:pypi/keras@3.12.0

purl pkg:pypi/keras@3.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0

url pkg:pypi/keras@3.12.1

purl pkg:pypi/keras@3.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.1

url pkg:pypi/keras@3.12.2

purl pkg:pypi/keras@3.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.2

url pkg:pypi/keras@3.13.0

purl pkg:pypi/keras@3.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xj9-1kng-8ua4

vulnerability	VCID-zsjb-zbnj-z3d8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.0

References

reference_url

https://github.com/keras-team/keras/pull/21880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/keras-team/keras/pull/21880

Weaknesses

Exploits

Severity_range_score 7.5 - 7.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xj9-1kng-8ua4

Vulnerability Instance