Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: python313Packages.tf-keras

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-1669
created 2 months, 1 week ago
Arbitrary File Read in Keras via HDF5 External Datasets

Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.

Affected products

Keras
  • <3.13.1

Matching in nixpkgs

pkgs.python313Packages.keras

Multi-backend implementation of the Keras API, with support for TensorFlow, JAX, and PyTorch

Package maintainers

Untriaged
Permalink CVE-2026-0897
created 3 months ago
Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

Affected products

Keras
  • =<3.13.0

Matching in nixpkgs

Package maintainers