GHSA-36rr-ww3j-vrjv: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

GHSA-w5fx-fh39-j5rw: Codex has sandbox bypass due to bug in path configuration logic

GHSA-g4rr-88fc-26fj: Grafana-Zabbix ReDoS vulnerability

GHSA-77wq-646f-jrm2: Duplicate Advisory: The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded.

GHSA-36fq-jgmw-4r9c: Keras is vulnerable to Deserialization of Untrusted Data

with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.

**mlflow Command Injection vulnerability**

Critical severity GitHub Reviewed Published Dec 19, 2023 to the GitHub Advisory Database • Updated Dec 19, 2023

Headline

GHSA-hvc6-42vf-jhf8: mlflow Command Injection vulnerability

ghsa: Latest News