📦 Keras

CVE-2025-1550 is a critical remote code execution vulnerability in Keras where the Model.load_model function can execute arbitrary Python code even with safe_mode=True. Attackers can craft malicious ....

This CVE describes a critical arbitrary code injection vulnerability in TensorFlow's Keras framework that allows attackers to execute arbitrary code with the same permissions as the vulnerable applica...

This vulnerability allows remote attackers to read arbitrary local files on systems running vulnerable Keras versions by exploiting a flaw in the HDF5 model loading mechanism. Attackers can craft mali...

This vulnerability allows remote attackers to cause Denial of Service (DoS) by sending a specially crafted .keras archive with an extremely large dataset shape declaration. When Keras attempts to load...

CVE-2025-9906 is a critical vulnerability in Keras that allows arbitrary code execution when loading specially crafted .keras model files. Attackers can bypass safe_mode=True protection by embedding m...

A safe mode bypass vulnerability in Keras allows attackers to execute arbitrary code by tricking users into loading malicious .keras model archives. This affects all users of Keras versions 3.0.0 thro...

A vulnerability in Keras 3.7.0 allows attackers to write arbitrary files to a user's machine by exploiting the get_file function with a malicious tar archive. This affects any application using Keras ...