Keras
This hub aggregates every CVE we track for Keras, a product in the ai ml space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
3
Critical
6
High
0
In CISA KEV
Severity distribution
HIGH6CRITICAL3MEDIUM1
Monthly trend
0
0
0
0
0
0
1
0
1
0
0
0
0
1
2
1
1
0
1
1
0
0
0
0
2024-072026-06
Latest CVEs
The 10 most recently published vulnerabilities affecting Keras.
- CVE-2026-1669Arbitrary File Read in Keras via HDF5 External Datasets7.5
- CVE-2026-0897Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata7.5
- CVE-2025-12638Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()8.0
- CVE-2025-49655Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a Torch...9.8
- CVE-2025-9905Arbitary Code execution in Keras load_model()7.3
- CVE-2025-9906Arbitrary Code execution in Keras Safe Mode7.3
- CVE-2025-8747Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.7.8
- CVE-2025-1550Arbitrary Code Execution via Crafted Keras Config for Model Loading9.8
- CVE-2024-55459An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.6.5
- CVE-2024-3660Arbitrary code injection vulnerability in Keras framework < 2.139.8
Product normalization is registry-driven with AI assist and human review. How it works