Keras (Python) – Support, CVEs & Health

GHSA-36fq-jgmw-4r9c CVSS_V3

Keras is vulnerable to Deserialization of Untrusted Data

Published: 2025-09-19 Fixed in: 3.11.0

GHSA-36rr-ww3j-vrjv CVSS_V4

The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

Published: 2025-09-19 Fixed in: 3.11.3

GHSA-3m4q-jmj6-r34q CVSS_V3

Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading

Published: 2026-02-18 Fixed in: 3.13.2

GHSA-48g7-3x6r-xfhp CVSS_V4

Arbitrary Code Execution via Crafted Keras Config for Model Loading

Published: 2025-03-11 Fixed in: 3.9.0

GHSA-4f3f-g24h-fr8m CVSS_V3

Keras has an untrusted deserialization vulnerability

Published: 2026-04-13 Fixed in: 3.13.2

GHSA-c9rc-mg46-23w3 CVSS_V3

Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality

Published: 2025-08-12 Fixed in: 3.11.0

GHSA-cjgq-5qmw-rcj6 CVSS_V4

keras Path Traversal vulnerability

Published: 2025-01-08 No fix available

GHSA-cvhh-q5g5-qprp CVSS_V3

Keras framework vulnerable to deserialization of untrusted data

Published: 2025-10-17 Fixed in: 3.11.3

GHSA-hjqc-jx6g-rwp9 CVSS_V3

Keras Directory Traversal Vulnerability

Published: 2025-12-02 Fixed in: 3.12.0

GHSA-mgx6-5cf9-rr43 CVSS_V4

Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Published: 2026-05-06 Fixed in: 3.12.1

Keras