| purl | pkg:pypi/keras@3.13.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1xj9-1kng-8ua4 | Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape. | CVE-2026-0897, GHSA-mgx6-5cf9-rr43, PYSEC-2026-73 |
| VCID-aw3f-8xuy-d3gw | keras: Keras: Arbitrary Code Execution Vulnerability Bypassing Safe Mode | CVE-2026-1462, GHSA-4f3f-g24h-fr8m |
| VCID-qv32-at39-27dw | Duplicate Advisory: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component. This advisory has been withdrawn. | GHSA-xfhx-r7ww-5995 |
| VCID-zsjb-zbnj-z3d8 | Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading. TensorFlow / Keras continues to honor HDF5 “external storage” and `ExternalLink` features when loading weights. A malicious `.weights.h5` (or a `.keras` archive embedding such weights) can direct `load_weights()` to read from an arbitrary readable filesystem path. The bytes pulled from that path populate model tensors and become observable through inference or subsequent re-save operations. Keras “safe mode” only guards object deserialization and does not cover weight I/O, so this behaviour persists even with safe mode enabled. The issue is confirmed on the latest publicly released stack (`tensorflow 2.20.0`, `keras 3.11.3`, `h5py 3.15.1`, `numpy 2.3.4`). | CVE-2026-1669, GHSA-3m4q-jmj6-r34q |