keras-team / keras
Project repository
Deep Learning for humans
FIRST INTERACTION WITHIN N/A DAYS
REVIEW WITHIN 58 DAYS
FIX WITHIN 97 DAYS
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 18th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 17th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 17th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 17th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 Virtual Datasets Ext...
Apr 17th 2026
9to5ai
•
self closed
Incomplete Fix CVE-2026-1669 - Arbitrary File Read via HDF5 VDS External Links K...
Apr 17th 2026
9to5ai
•
self closed
test
Apr 15th 2026
sark4
•
self closed
Arbitrary Code Execution via Insecure Deserialization of Lambda Layers in load_m...
Apr 11th 2026
finddabugs
•
duplicate
High
Keras tar extraction allows write outside current extraction directory (Tar-Slip)
Mar 26th 2026
asim-qazi
•
duplicate
High
Bypass of filter_safe_tarinfos via empty-name tar member in extract_open_archive
Mar 26th 2026
psdat123
•
duplicate
High
Arbitrary Code Execution via marshal.loads() in python_utils.py — CWE-94 Bytecod...
Apr 6th 2026
theoddesseyp-ai
•
not applicable
Arbitrary Code Execution via torch.load(weights_only=False) in TorchModuleWrappe...
Mar 16th 2026
theoddesseyp-ai
•
spam
Server-Side Request Forgery (SSRF) in RemoteMonitor Callback via Unvalidated URL...
Mar 16th 2026
elucidator-hky
•
self closed
Path traversal safety check bypass in is_path_in_dir() due to unsafe startswith(...
Mar 16th 2026
elucidator-hky
•
self closed
Pickle deserialization hardcodes safe_mode=False in __reduce__, bypassing safe m...
Mar 18th 2026
odysseypro25-project
•
self closed
Unsafe Deserialization via Lambda layer in Keras model loading
Apr 11th 2026
etwithin
•
duplicate
High
Unsafe Deserialization via torch.load(weights_only=False) in TorchModuleWrapper
Feb 24th 2026
nakosec
•
duplicate
High
Remote Code Execution (RCE) via Insecure Lambda Layer Deserialization in Keras
Feb 18th 2026
sebas5207418
•
spam
[CRITICAL] Remote Code Execution via Insecure Deserialization (CWE-502) in Keras...
Feb 8th 2026
akhmittra
•
duplicate
High
Remote Denial of Service via Unbounded Tensor Allocation in .keras Models
Mar 27th 2026
hyperps1
•
informative
High
Unsafe np.load(allow_pickle=True) in Dataset Loaders leads to Remote Code Execut...
Feb 8th 2026
mia-718ai
•
duplicate
High
Arbitrary Code Execution via Malicious Lambda Layer in Keras .keras Model Deseri...
Feb 1st 2026
amadhan882
•
duplicate
High
TFSMLayer bypasses `safe_mode=True`, allowing attacker-controlled code execution...
Apr 13th 2026
0xmanan
•
High
•
$900
•
CVE-2026-1462
Arbitrary Code Execution via TorchModuleWrapper during Model Load
Feb 24th 2026
ajithkelangath
•
duplicate
Critical
Uncontrolled Resource Consumption via Zip Bomb in keras.utils.get_file
Apr 3rd 2026
yasinseyhun
•
pending
Remote code execution by exploiting a vulnerable GitHub workflow
Dec 23rd 2025
seljak00vac
•
self closed
Insecure Deserialization via Custom Object Injection in Keras Model Loading
Dec 18th 2025
1bdool492
•
duplicate
High
Multiple Denial-of-Service Vulnerabilities in keras.src.backend.tensorflow.image...
Mar 25th 2026
hyperps1
•
pending
Critical Denial-of-Service via Malicious .keras Model (HDF5 Shape Bomb Causes Pe...
Feb 28th 2026
hyperps
•
pending
Runtime Code Execution via Keras Lambda Layers Bypassing Safe Mode Protection
Apr 6th 2026
hyperps
•
duplicate
Critical
Code Injection via Keras Lambda Layer Leading to RCE
Apr 6th 2026
hyperps1
•
duplicate
Critical
Insecure Deserialization (RCE) via joblib Loader in python_utils.func_load
Apr 6th 2026
advisory1-lab
•
informative
High
Code Execution via Lambda Layer Deserialization When safe_mode=False
Oct 1st 2025
perfecxion-ai
•
self closed
Critical rce
Apr 6th 2026
shemshallah
•
spam
Path Traversal via load_img in keras
Dec 9th 2025
neineit
•
pending
Path Traversal vulnerability in keras using tar extract
Nov 28th 2025
ready-research
•
High
•
$750
•
CVE-2025-12638
Unsafe Deserialization in Keras `load_model()` and `deserialize_keras_object()`...
Dec 18th 2025
msr123dsjsja-l
•
duplicate
High
Inference Backdoor in Keras via .h5 Model with Triggered Output Manipulation
Oct 31st 2025
b33l238u8
•
pending
TAR Slip via Path Traversal in Archive Extraction
Aug 12th 2025
kerkroups
•
pending
Deserialization of Untrusted Data
Jun 25th 2025
ceballosm
•
pending
Keras model load RCE in keras_native
May 7th 2025
azraelxuemo
•
pending
Arbitrary File Write Via "keras.utils.get_file" API
Apr 30th 2024
ngockhanhc311
•
informative
Critical
Malicious Keras Model Leads to RCE
Feb 15th 2024
legoclones
•
informative
Critical
Use of a Broken or Risky Cryptographic Algorithm
Feb 2nd 2024
hob1t
•
spam
Insecure Temporary File
Sep 13th 2023
nhienit2010
•
informative
High
Insecure Temporary File
Apr 12th 2024
nhienit2010
•
self closed
Inefficient Regular Expression Complexity
Mar 31st 2023
eduflowz
•
spam
Arbitrary Code Execution Vulnerability in Pillow's ImageMath Module (CVE-2022-22...
Mar 10th 2023
saintsconnor
•
spam
Multiple insecure temporary files
Jan 28th 2026
blueudp
•
not applicable
Code Injection
Jan 10th 2021
arjunshibu
•
pending
CRITICAL: $1500
HIGH: $750
MEDIUM: $125
LOW: $20