Version 3.8.0

keras

Multi-backend Keras

Install Instructions

pip install keras
Current Version Release Date January 07, 2025
Language Python
Package URL (purl) pkg:pip/keras@3.8.0

Find keras vulnerabilities in your supply chain.

Scan for Free

keras Vulnerabilities

Sort by
icon CVE (Latest)
  • icon CVE (Latest)
  • icon CVE (Oldest)
  • icon CVSS Score (Highest)
  • icon CVSS Score (Lowest)
CVE question mark icon CVSS Score question mark icon CWE(s) question mark icon EPSS Score question mark icon EPSS % question mark icon Impacted Versions
CVE-2024-3660 High 9.8 0.00043 0.11433
  • 2.0.0–2.12.0rc1
  • 1.0.0–1.2.2
  • 0.2.0–0.3.3
CVE-2024-55459 Medium 6.5 CWE-494, CWE-22 0.00045 0.17796
  • 3.0.0–3.7.0
  • 2.0.0–2.15.0rc1
  • 1.0.0–1.2.2
  • 0.2.0–0.3.3

keras Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2024-55459 An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function. 2.10.0rc1, 2.11.0, 2.8.0rc1, 3.7.0, 3.6.0, 2.4.0, 3.2.1, 2.14.0 (Show all) Patch → 3.8.0
CVE-2024-3660 A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application. 2.10.0rc1, 2.11.0, 2.8.0rc1, 2.4.0, 2.12.0, 2.12.0rc0, 2.12.0rc1, 2.11.0rc3 (Show all) Patch → 3.8.0

Instantly see if these keras vulnerabilities affect your code.

Scan for Free

Dependencies

Packages using versions of keras affected by its vulnerabilities

Dependent Packages
absl-py
numpy
rich
namex
h5py
optree
ml-dtypes
packaging