297 matches found
Interger Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of integer calculations during model loading, which allows an attacker to cause smaller-than-expected memory allocations leading to potential code execution or other unintended effects...
EUVD-2025-21559
Malicious code in bioql PyPI...
EUVD-2025-21560
Malicious code in bioql PyPI...
EUVD-2025-24608
Malicious code in bioql PyPI...
EUVD-2025-21561
Malicious code in bioql PyPI...
EUVD-2025-13509
Malicious code in bioql PyPI...
EUVD-2024-53164
Malicious code in bioql PyPI...
EUVD-2024-53160
Malicious code in bioql PyPI...
EUVD-2024-53161
Malicious code in bioql PyPI...
EUVD-2024-52178
Malicious code in bioql PyPI...
EUVD-2025-21558
Malicious code in bioql PyPI...
EUVD-2025-23967
Malicious code in bioql PyPI...
EUVD-2025-30277
Malicious code in bioql PyPI...
Heap Buffer Overflow
executorch is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to achieve code execution or cause other undesirable effects...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling in the loading of ExecuTorch models, which allows an attacker to place objects outside their allocated memory area leading to potential code execution or other undesirable effects...
Integer Overflow
executorch is vulnerable to integer overflow. The vulnerability is due to improper handling of model loading, which allows an attacker to trigger overlapping allocations leading to potential code execution or other undesirable effects...
Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36rr-ww3j-vrjv. This link is maintained to preserve external references. Original Description The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One c...
CVE-2025-9905
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
PYSEC-2025-123
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
AZL-67505 CVE-2025-9905 affecting package keras for versions less than 3.3.3-4
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...