{"url":"http://public2.vulnerablecode.io/api/packages/87060?format=json","purl":"pkg:pypi/keras@3.4.1","type":"pypi","namespace":"","name":"keras","version":"3.4.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.13.2","latest_non_vulnerable_version":"3.13.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112503?format=json","vulnerability_id":"VCID-1wpv-agrc-7ydb","summary":"The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .keras model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special config.json (a file within the .keras archive) that will invoke keras.config.enable_unsafe_deserialization() to disable safe mode. Once safe mode is disable, one can use the Lambda layer feature of keras, which allows arbitrary Python code in the form of pickled code. Both can appear in the same archive. Simply the keras.config.enable_unsafe_deserialization() needs to appear first in the archive and the Lambda with arbitrary code needs to be second.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9906.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9906","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21104","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9906"},{"reference_url":"https://github.com/advisories/GHSA-36fq-jgmw-4r9c","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://github.com/advisories/GHSA-36fq-jgmw-4r9c"},{"reference_url":"https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858"},{"reference_url":"https://github.com/keras-team/keras/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/releases/tag/v3.11.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-76.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-76.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9906","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9906"},{"reference_url":"https://osv.dev/vulnerability/CVE-2025-9906","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://osv.dev/vulnerability/CVE-2025-9906"},{"reference_url":"https://github.com/keras-team/keras/pull/21429","reference_id":"21429","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-20T03:55:42Z/"}],"url":"https://github.com/keras-team/keras/pull/21429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396644","reference_id":"2396644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23531","reference_id":"RHSA-2025:23531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23531"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34609?format=json","purl":"pkg:pypi/keras@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-91r7-3yk2-z7c7"},{"vulnerability":"VCID-auap-adx9-2qa5"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-gns9-xy79-gbax"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.0"}],"aliases":["CVE-2025-9906","GHSA-36fq-jgmw-4r9c","PYSEC-2025-76"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1wpv-agrc-7ydb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96221?format=json","vulnerability_id":"VCID-2331-v9sq-4qb9","summary":"The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517. Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12060.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12060","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28031","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12060"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12060","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12060"},{"reference_url":"https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951"},{"reference_url":"https://github.com/keras-team/keras/pull/21760","reference_id":"21760","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-01T03:55:52Z/"}],"url":"https://github.com/keras-team/keras/pull/21760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407443","reference_id":"2407443","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407443"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12060","reference_id":"CVE-2025-12060","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12060"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12638","reference_id":"CVE-2025-12638","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12638"},{"reference_url":"https://github.com/advisories/GHSA-hjqc-jx6g-rwp9","reference_id":"GHSA-hjqc-jx6g-rwp9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hjqc-jx6g-rwp9"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9","reference_id":"GHSA-hjqc-jx6g-rwp9","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-01T03:55:52Z/"}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22759","reference_id":"RHSA-2025:22759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22759"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23531","reference_id":"RHSA-2025:23531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34860?format=json","purl":"pkg:pypi/keras@3.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0"}],"aliases":["CVE-2025-12060","GHSA-hjqc-jx6g-rwp9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2331-v9sq-4qb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95677?format=json","vulnerability_id":"VCID-4q7c-unxm-5qaz","summary":"The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF).\n\n\nThis vulnerability stems from the way the StringLookup layer is handled during model loading from a specially crafted .keras archive. The constructor for the StringLookup layer accepts a vocabulary argument that can specify a local file path or a remote file path.\n\n  *  Arbitrary Local File Read: An attacker can create a malicious .keras file that embeds a local path in the StringLookup layer's configuration. When the model is loaded, Keras will attempt to read the content of the specified local file and incorporate it into the model state (e.g., retrievable via get_vocabulary()), allowing an attacker to read arbitrary local files on the hosting system.\n\n\n  *  Server-Side Request Forgery (SSRF): Keras utilizes tf.io.gfile for file operations. Since tf.io.gfile supports remote filesystem handlers (such as GCS and HDFS) and HTTP/HTTPS protocols, the same mechanism can be leveraged to fetch content from arbitrary network endpoints on the server's behalf, resulting in an SSRF condition.\n\n\nThe security issue is that the feature allowing external path loading was not properly restricted by the safe_mode=True flag, which was intended to prevent such unintended data access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12058.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12058.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12058","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23438","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12058"},{"reference_url":"https://github.com/keras-team/keras/commit/61ac8c1e51862c471dee7b49029c356f55531487","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/61ac8c1e51862c471dee7b49029c356f55531487"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2025-12058","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cve.org/CVERecord?id=CVE-2025-12058"},{"reference_url":"https://github.com/keras-team/keras/pull/21751","reference_id":"21751","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:07:04Z/"}],"url":"https://github.com/keras-team/keras/pull/21751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407019","reference_id":"2407019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407019"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12058","reference_id":"CVE-2025-12058","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12058"},{"reference_url":"https://github.com/advisories/GHSA-mq84-hjqx-cwf2","reference_id":"GHSA-mq84-hjqx-cwf2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mq84-hjqx-cwf2"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f","reference_id":"GHSA-qg93-c7p6-gg7f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T14:07:04Z/"}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-qg93-c7p6-gg7f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34860?format=json","purl":"pkg:pypi/keras@3.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0"}],"aliases":["CVE-2025-12058","GHSA-mq84-hjqx-cwf2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q7c-unxm-5qaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81806?format=json","vulnerability_id":"VCID-5e7p-apxm-27bf","summary":"Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0897.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0897","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13655","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0897"},{"reference_url":"https://github.com/advisories/GHSA-mgx6-5cf9-rr43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mgx6-5cf9-rr43"},{"reference_url":"https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6"},{"reference_url":"https://github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb"},{"reference_url":"https://github.com/keras-team/keras/pull/22081","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/pull/22081"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-mgx6-5cf9-rr43","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-mgx6-5cf9-rr43"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2026-73.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2026-73.yaml"},{"reference_url":"https://github.com/keras-team/keras/pull/21880","reference_id":"21880","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:40Z/"}],"url":"https://github.com/keras-team/keras/pull/21880"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430027","reference_id":"2430027","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430027"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0897","reference_id":"CVE-2026-0897","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4271","reference_id":"RHSA-2026:4271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4271"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37784?format=json","purl":"pkg:pypi/keras@3.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/39098?format=json","purl":"pkg:pypi/keras@3.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.1"},{"url":"http://public2.vulnerablecode.io/api/packages/37781?format=json","purl":"pkg:pypi/keras@3.13.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.2"}],"aliases":["CVE-2026-0897","GHSA-mgx6-5cf9-rr43","PYSEC-2026-73"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e7p-apxm-27bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111704?format=json","vulnerability_id":"VCID-91r7-3yk2-z7c7","summary":"The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives.\n\nNote that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9905.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9905","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.007","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9905"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-123.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-123.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9905","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9905"},{"reference_url":"https://github.com/keras-team/keras/pull/21602","reference_id":"21602","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T11:47:46Z/"}],"url":"https://github.com/keras-team/keras/pull/21602"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396645","reference_id":"2396645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396645"},{"reference_url":"https://github.com/advisories/GHSA-36rr-ww3j-vrjv","reference_id":"GHSA-36rr-ww3j-vrjv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-36rr-ww3j-vrjv"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv","reference_id":"GHSA-36rr-ww3j-vrjv","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T11:47:46Z/"}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22759","reference_id":"RHSA-2025:22759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22759"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23531","reference_id":"RHSA-2025:23531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23531"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34611?format=json","purl":"pkg:pypi/keras@3.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.3"}],"aliases":["CVE-2025-9905","GHSA-36rr-ww3j-vrjv","PYSEC-2025-123"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91r7-3yk2-z7c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360547?format=json","vulnerability_id":"VCID-auap-adx9-2qa5","summary":"Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-36rr-ww3j-vrjv. This link is maintained to preserve external references.\n\n### Original Description\nThe Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives.\n\nNote that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9905","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9905"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv","reference_id":"GHSA-36rr-ww3j-vrjv","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"},{"reference_url":"https://github.com/advisories/GHSA-77wq-646f-jrm2","reference_id":"GHSA-77wq-646f-jrm2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-77wq-646f-jrm2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34611?format=json","purl":"pkg:pypi/keras@3.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.3"}],"aliases":["GHSA-77wq-646f-jrm2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auap-adx9-2qa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115205?format=json","vulnerability_id":"VCID-ea9e-a83z-cfd5","summary":"The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1550.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1550.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1550","reference_id":"","reference_type":"","scores":[{"value":"0.09875","scoring_system":"epss","scoring_elements":"0.93166","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1550"},{"reference_url":"https://github.com/advisories/GHSA-48g7-3x6r-xfhp","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/advisories/GHSA-48g7-3x6r-xfhp"},{"reference_url":"https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903"},{"reference_url":"https://github.com/keras-team/keras/releases/tag/v3.9.0","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/releases/tag/v3.9.0"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-122.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-122.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1550","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1550"},{"reference_url":"https://towerofhanoi.it/writeups/cve-2025-1550","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://towerofhanoi.it/writeups/cve-2025-1550"},{"reference_url":"https://github.com/keras-team/keras/pull/20751","reference_id":"20751","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-24T15:28:37Z/"}],"url":"https://github.com/keras-team/keras/pull/20751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351304","reference_id":"2351304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351304"},{"reference_url":"https://towerofhanoi.it/writeups/cve-2025-1550/","reference_id":"cve-2025-1550","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-24T15:28:37Z/"}],"url":"https://towerofhanoi.it/writeups/cve-2025-1550/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/remote/52359.py","reference_id":"CVE-2025-1550","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/remote/52359.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87064?format=json","purl":"pkg:pypi/keras@3.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wpv-agrc-7ydb"},{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-91r7-3yk2-z7c7"},{"vulnerability":"VCID-auap-adx9-2qa5"},{"vulnerability":"VCID-ea9e-a83z-cfd5"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-hnzb-7u2f-3ba5"},{"vulnerability":"VCID-mnwv-7qhv-p7dz"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-pv79-5h69-gqaz"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/89084?format=json","purl":"pkg:pypi/keras@3.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wpv-agrc-7ydb"},{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-91r7-3yk2-z7c7"},{"vulnerability":"VCID-auap-adx9-2qa5"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-mnwv-7qhv-p7dz"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-pv79-5h69-gqaz"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.9.0"}],"aliases":["CVE-2025-1550","GHSA-48g7-3x6r-xfhp","PYSEC-2025-122"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ea9e-a83z-cfd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96034?format=json","vulnerability_id":"VCID-fpk2-6qn4-auem","summary":"Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12638.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12638.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12638","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09383","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12638"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12638","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12638"},{"reference_url":"https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417711","reference_id":"2417711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417711"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12638","reference_id":"CVE-2025-12638","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12638"},{"reference_url":"https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4","reference_id":"f94f5beb-54d8-4e6a-8bac-86d9aee103f4","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-28T15:07:39Z/"}],"url":"https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4"},{"reference_url":"https://github.com/advisories/GHSA-9g7v-8wxv-mwxp","reference_id":"GHSA-9g7v-8wxv-mwxp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9g7v-8wxv-mwxp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23531","reference_id":"RHSA-2025:23531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4271","reference_id":"RHSA-2026:4271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34860?format=json","purl":"pkg:pypi/keras@3.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0"}],"aliases":["CVE-2025-12638","GHSA-9g7v-8wxv-mwxp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpk2-6qn4-auem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360683?format=json","vulnerability_id":"VCID-hnzb-7u2f-3ba5","summary":"Duplicate Advisory: Keras arbitrary code execution vulnerability\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-48g7-3x6r-xfhp. This link is maintained to preserve external references.\n\n# Original Description\n\nThe Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.","references":[{"reference_url":"https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903"},{"reference_url":"https://github.com/keras-team/keras/releases/tag/v3.9.0","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/releases/tag/v3.9.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1550","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1550"},{"reference_url":"https://github.com/advisories/GHSA-5478-v2w6-c6q7","reference_id":"GHSA-5478-v2w6-c6q7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5478-v2w6-c6q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89084?format=json","purl":"pkg:pypi/keras@3.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wpv-agrc-7ydb"},{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-91r7-3yk2-z7c7"},{"vulnerability":"VCID-auap-adx9-2qa5"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-mnwv-7qhv-p7dz"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-pv79-5h69-gqaz"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.9.0"}],"aliases":["GHSA-5478-v2w6-c6q7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnzb-7u2f-3ba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360642?format=json","vulnerability_id":"VCID-mnwv-7qhv-p7dz","summary":"Duplicate Advisory: Keras safe mode bypass vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-c9rc-mg46-23w3. This link is maintained to preserve external references.\n\n### Original Description\nA safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.","references":[{"reference_url":"https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858"},{"reference_url":"https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8747","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8747"},{"reference_url":"https://github.com/advisories/GHSA-pwq7-2gvj-vg9v","reference_id":"GHSA-pwq7-2gvj-vg9v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pwq7-2gvj-vg9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34609?format=json","purl":"pkg:pypi/keras@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-91r7-3yk2-z7c7"},{"vulnerability":"VCID-auap-adx9-2qa5"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-gns9-xy79-gbax"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.0"}],"aliases":["GHSA-pwq7-2gvj-vg9v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mnwv-7qhv-p7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59542?format=json","vulnerability_id":"VCID-n61b-6n8p-dbgk","summary":"An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55459.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55459","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35194","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55459"},{"reference_url":"https://github.com/advisories/GHSA-cjgq-5qmw-rcj6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://github.com/advisories/GHSA-cjgq-5qmw-rcj6"},{"reference_url":"https://github.com/keras-team/keras/blob/8f5592bcb61ff48c96560c8923e482db1076b54a/keras/src/utils/file_utils.py#L115","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/blob/8f5592bcb61ff48c96560c8923e482db1076b54a/keras/src/utils/file_utils.py#L115"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-121.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-121.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55459","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55459"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2336426","reference_id":"2336426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2336426"},{"reference_url":"https://river-bicycle-f1e.notion.site/Arbitrary-File-Write-Vulnerability-in-get_file-function-11888e31952580179224e50892976d32","reference_id":"Arbitrary-File-Write-Vulnerability-in-get_file-function-11888e31952580179224e50892976d32","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:32:15Z/"}],"url":"https://river-bicycle-f1e.notion.site/Arbitrary-File-Write-Vulnerability-in-get_file-function-11888e31952580179224e50892976d32"},{"reference_url":"https://github.com/keras-team/keras","reference_id":"keras","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:32:15Z/"}],"url":"https://github.com/keras-team/keras"},{"reference_url":"https://keras.io","reference_id":"keras.io","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:32:15Z/"}],"url":"https://keras.io"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87064?format=json","purl":"pkg:pypi/keras@3.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wpv-agrc-7ydb"},{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-91r7-3yk2-z7c7"},{"vulnerability":"VCID-auap-adx9-2qa5"},{"vulnerability":"VCID-ea9e-a83z-cfd5"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-hnzb-7u2f-3ba5"},{"vulnerability":"VCID-mnwv-7qhv-p7dz"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-pv79-5h69-gqaz"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.8.0"}],"aliases":["CVE-2024-55459","GHSA-cjgq-5qmw-rcj6","PYSEC-2025-121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n61b-6n8p-dbgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212334?format=json","vulnerability_id":"VCID-prjz-56nu-wyez","summary":"Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack","references":[{"reference_url":"https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12060","reference_id":"CVE-2025-12060","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12060"},{"reference_url":"https://github.com/advisories/GHSA-28jp-44vh-q42h","reference_id":"GHSA-28jp-44vh-q42h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-28jp-44vh-q42h"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9","reference_id":"GHSA-hjqc-jx6g-rwp9","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34860?format=json","purl":"pkg:pypi/keras@3.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.0"}],"aliases":["GHSA-28jp-44vh-q42h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prjz-56nu-wyez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92344?format=json","vulnerability_id":"VCID-pv79-5h69-gqaz","summary":"A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8747","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08671","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8747"},{"reference_url":"https://github.com/advisories/GHSA-c9rc-mg46-23w3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://github.com/advisories/GHSA-c9rc-mg46-23w3"},{"reference_url":"https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/713172ab56b864e59e2aa79b1a51b0e728bba858"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-c9rc-mg46-23w3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-c9rc-mg46-23w3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-75.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2025-75.yaml"},{"reference_url":"https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8747","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8747"},{"reference_url":"https://github.com/keras-team/keras/pull/21429","reference_id":"21429","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-11T13:31:26Z/"}],"url":"https://github.com/keras-team/keras/pull/21429"},{"reference_url":"https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/","reference_id":"keras-safe_mode-bypass-vulnerability","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-11T13:31:26Z/"}],"url":"https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34609?format=json","purl":"pkg:pypi/keras@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2331-v9sq-4qb9"},{"vulnerability":"VCID-4q7c-unxm-5qaz"},{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-91r7-3yk2-z7c7"},{"vulnerability":"VCID-auap-adx9-2qa5"},{"vulnerability":"VCID-fpk2-6qn4-auem"},{"vulnerability":"VCID-gns9-xy79-gbax"},{"vulnerability":"VCID-prjz-56nu-wyez"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"},{"vulnerability":"VCID-w264-gysn-k7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.11.0"}],"aliases":["CVE-2025-8747","GHSA-c9rc-mg46-23w3","PYSEC-2025-75"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pv79-5h69-gqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78924?format=json","vulnerability_id":"VCID-rg36-jn72-cyab","summary":"A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the `from_config()` method.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1462.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1462","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21652","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1462"},{"reference_url":"https://github.com/keras-team/keras/pull/22035","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/pull/22035"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1462","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457856","reference_id":"2457856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457856"},{"reference_url":"https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c","reference_id":"7e78d6f1-6977-4300-b595-e81bdbda331c","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-13T18:53:01Z/"}],"url":"https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c"},{"reference_url":"https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f","reference_id":"b6773d3decaef1b05d8e794458e148cb362f163f","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-13T18:53:01Z/"}],"url":"https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f"},{"reference_url":"https://github.com/advisories/GHSA-4f3f-g24h-fr8m","reference_id":"GHSA-4f3f-g24h-fr8m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f3f-g24h-fr8m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24977","reference_id":"RHSA-2026:24977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24977"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37781?format=json","purl":"pkg:pypi/keras@3.13.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.2"}],"aliases":["CVE-2026-1462","GHSA-4f3f-g24h-fr8m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rg36-jn72-cyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212574?format=json","vulnerability_id":"VCID-tun6-qts8-rfgs","summary":"Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1669","reference_id":"CVE-2026-1669","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1669"},{"reference_url":"https://github.com/advisories/GHSA-gfmx-qqqh-f38q","reference_id":"GHSA-gfmx-qqqh-f38q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfmx-qqqh-f38q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37781?format=json","purl":"pkg:pypi/keras@3.13.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.2"}],"aliases":["GHSA-gfmx-qqqh-f38q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tun6-qts8-rfgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79126?format=json","vulnerability_id":"VCID-w264-gysn-k7dx","summary":"Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1669.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1669.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1669","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02836","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1669"},{"reference_url":"https://github.com/keras-team/keras/commit/8a37f9dadd8e23fa4ee3f537eeb6413e75d12553","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/commit/8a37f9dadd8e23fa4ee3f537eeb6413e75d12553"},{"reference_url":"https://github.com/keras-team/keras/pull/22057","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/pull/22057"},{"reference_url":"https://github.com/keras-team/keras/releases/tag/v3.12.1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/releases/tag/v3.12.1"},{"reference_url":"https://github.com/keras-team/keras/releases/tag/v3.13.2","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/releases/tag/v3.13.2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439205","reference_id":"2439205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439205"},{"reference_url":"https://github.com/google/security-research/security/advisories","reference_id":"advisories","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-12T14:52:43Z/"}],"url":"https://github.com/google/security-research/security/advisories"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1669","reference_id":"CVE-2026-1669","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1669"},{"reference_url":"https://github.com/advisories/GHSA-3m4q-jmj6-r34q","reference_id":"GHSA-3m4q-jmj6-r34q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3m4q-jmj6-r34q"},{"reference_url":"https://github.com/keras-team/keras/security/advisories/GHSA-3m4q-jmj6-r34q","reference_id":"GHSA-3m4q-jmj6-r34q","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keras-team/keras/security/advisories/GHSA-3m4q-jmj6-r34q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37784?format=json","purl":"pkg:pypi/keras@3.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e7p-apxm-27bf"},{"vulnerability":"VCID-rg36-jn72-cyab"},{"vulnerability":"VCID-tun6-qts8-rfgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/37781?format=json","purl":"pkg:pypi/keras@3.13.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.13.2"}],"aliases":["CVE-2026-1669","GHSA-3m4q-jmj6-r34q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w264-gysn-k7dx"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/keras@3.4.1"}