Browse all 4 CVE security advisories affecting Keras-team. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Keras-team develops an open-source neural network API widely used for machine learning applications. Historically, their software has been associated with remote code execution vulnerabilities, particularly in deserialization functions, and cross-site scripting issues through improper input sanitization. While no major security incidents have been widely documented, the project maintains four CVE records, primarily focusing on RCE flaws in data processing components. The team emphasizes security in their development lifecycle, with regular updates addressing identified vulnerabilities. Their codebase generally follows secure coding practices, though the complexity of machine learning frameworks continues to present potential attack surfaces for exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1462 | Safe Mode Bypass in keras-team/keras — keras-team/kerasCWE-502 | 7.5 | - | 2026-04-13 |
| CVE-2025-12638 | Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file() — keras-team/kerasCWE-22 | 9.1 | - | 2025-11-28 |
| CVE-2025-9905 | Arbitary Code execution in Keras load_model() — KerasCWE-913 | 7.8 | - | 2025-09-19 |
| CVE-2025-9906 | Arbitrary Code execution in Keras Safe Mode — KerasCWE-502 | 8.8 | - | 2025-09-19 |
This page lists every published CVE security advisory associated with Keras-team. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.