GHSA-36rr-ww3j-vrjv: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

GHSA-w5fx-fh39-j5rw: Codex has sandbox bypass due to bug in path configuration logic

GHSA-g4rr-88fc-26fj: Grafana-Zabbix ReDoS vulnerability

GHSA-36fq-jgmw-4r9c: Keras is vulnerable to Deserialization of Untrusted Data

GHSA-77wq-646f-jrm2: Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.

**langchain vulnerable to arbitrary code execution**

High severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Headline

GHSA-57fc-8q82-gfp3: langchain vulnerable to arbitrary code execution

ghsa: Latest News