Bounties
Partners
Community
Info
keras-team / keras
Project repository
Deep Learning for humans
Submit a report
FIRST INTERACTION
WITHIN
N/A DAYS
REVIEW
WITHIN
24 DAYS
FIX
WITHIN
94 DAYS
test
May 20th 2026
nihcod
•
self closed
RCE via marshal.loads in func_load when loading untrusted Keras models
May 22nd 2026
galanzi2580-wq
•
self closed
Export-time Allocation Denial of Service via Malicious input_signature in Keras
May 22nd 2026
galanzi2580-wq
•
self closed
Unauthenticated RCE and Path Traversal in Keras Model Deserialization
May 8th 2026
c4rbn
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 18th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 17th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 17th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 17th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 Virtual Datasets Ext...
Apr 17th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 17th 2026
9to5ai
•
self closed
test
Apr 15th 2026
sark4
•
self closed
Arbitrary Code Execution via Insecure Deserialization of Lambda Layers in load_m...
Apr 11th 2026
finddabugs
•
duplicate
High
Keras tar extraction allows write outside current extraction directory(Tar-Slip)
Mar 26th 2026
asim-qazi
•
duplicate
High
Bypass of filter_safe_tarinfos via empty-name tar member in extract_open_archive
Mar 26th 2026
psdat123
•
duplicate
High
Arbitrary Code Execution via marshal.loads() in python_utils.py — CWE-94 Bytecod...
Apr 6th 2026
theoddesseyp-ai
•
not applicable
Arbitrary Code Execution via torch.load(weights_only=False) in TorchModuleWrappe...
Mar 16th 2026
theoddesseyp-ai
•
spam
Server-Side Request Forgery (SSRF) in RemoteMonitor Callback via Unvalidated URL...
Mar 16th 2026
elucidator-hky
•
self closed
Path traversal safety check bypass in is_path_in_dir() due to unsafe startswith(...
Mar 16th 2026
elucidator-hky
•
self closed
Pickle deserialization hardcodes safe_mode=False in __reduce__, bypassing safe m...
Mar 18th 2026
odysseypro25-project
•
self closed
Unsafe Deserialization via Lambda layer in Keras model loading
Apr 11th 2026
etwithin
•
duplicate
High
Unsafe Deserialization via torch.load(weights_only=False) in TorchModuleWrapper
Feb 24th 2026
nakosec
•
duplicate
High
Path traversal via startswith() prefix confusion in is_path_in_dir (bypass of CV...
May 22nd 2026
optimus-fulcria
•
pending
RCE via eval() in keras-hub RWKVTokenizer Bypasses Keras safe_mode
May 18th 2026
morecitricacid-coder
•
pending
RCE via eval() in keras-hub RWKVTokenizer Bypasses Keras safe_mode
May 18th 2026
morecitricacid-coder
•
pending
Security Filter Bypass in get_file: filter_safe_zipinfos validates CWD instead o...
May 16th 2026
catalyzer9867
•
duplicate
Medium
Remote Code Execution (RCE) via Insecure Lambda Layer Deserialization in Keras
Feb 18th 2026
sebas5207418
•
spam
[CRITICAL] Remote Code Execution via Insecure Deserialization (CWE-502) in Keras...
Feb 8th 2026
akhmittra
•
duplicate
High
Zip Slip path traversal in keras.utils.get_file(..., extract=True) archive extra...
May 3rd 2026
theagentknownasren-gif
•
None
None
Remote Denial of Service via Unbounded Tensor Allocation in .keras Models
Mar 27th 2026
hyperps1
•
informative
High
Unsafe np.load(allow_pickle=True) in Dataset Loaders leads to Remote Code Execut...
Feb 8th 2026
mia-718ai
•
duplicate
High
Keras get_file() Server-Side Request Forgery via Unvalidated Origin Parameter
May 2nd 2026
mia-718ai
•
pending
Arbitrary Code Execution via Malicious Lambda Layer in Keras .keras Model Deseri...
Feb 1st 2026
amadhan882
•
duplicate
High
Path Traversal on Windows via Backslashes in Operation/Layer Names
Apr 28th 2026
spamblue890-oss
•
pending
Infinite Loop Denial of Service via Circular Dependencies in Functional Model De...
Apr 28th 2026
spamblue890-oss
•
pending
TFSMLayer bypasses `safe_mode=True`, allowing attacker-controlled code execution...
Apr 13th 2026
0xmanan
•
High
•
$900
High
•
$900
•
CVE-2026-1462
CVE-2026-1462
Arbitrary Code Execution via TorchModuleWrapper during Model Load
Feb 24th 2026
ajithkelangath
•
duplicate
Critical
Uncontrolled Resource Consumption via Zip Bomb in keras.utils.get_file
Apr 3rd 2026
yasinseyhun
•
pending
Remote code execution by exploiting a vulnerable GitHub workflow
Dec 23rd 2025
seljak00vac
•
self closed
Insecure Deserialization via Custom Object Injection in Keras Model Loading
Dec 18th 2025
1bdool492
•
duplicate
High
Multiple Denial-of-Service Vulnerabilities in keras.src.backend.tensorflow.image...
Mar 25th 2026
hyperps1
•
pending
Critical Denial-of-Service via Malicious .keras Model (HDF5 Shape Bomb Causes Pe...
Feb 28th 2026
hyperps
•
pending
Runtime Code Execution via Keras Lambda Layers Bypassing Safe Mode Protection
Apr 6th 2026
hyperps
•
duplicate
Critical
Code Injection via Keras Lambda Layer Leading to RCE
Apr 6th 2026
hyperps1
•
duplicate
Critical
Insecure Deserialization (RCE) via joblib Loader in python\_utils.func\_load
Apr 6th 2026
advisory1-lab
•
informative
High
Code Execution via Lambda Layer Deserialization When safe_mode=False
Oct 1st 2025
perfecxion-ai
•
self closed
Critical rce
Apr 6th 2026
shemshallah
•
spam
Path Traversal via load_img in keras
Dec 9th 2025
neineit
•
pending
Path Traversal vulnerability in keras using tar extract
Nov 28th 2025
ready-research
•
High
•
$750
High
•
$750
•
CVE-2025-12638
CVE-2025-12638
Unsafe Deserialization in Keras `load_model()` and `deserialize_keras_object()`...
Dec 18th 2025
msr123dsjsja-l
•
duplicate
High
Inference Backdoor in Keras via .h5 Model with Triggered Output Manipulation
Oct 31st 2025
b33l238u8
•
pending
TAR Slip via Path Traversal in Archive Extraction
Aug 12th 2025
kerkroups
•
pending
Deserialization of Untrusted Data
Jun 25th 2025
ceballosm
•
pending
Show more...
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20
