Github.Com Ollama Ollama vulnerabilities
16 known vulnerabilities affecting github.com/ollama_ollama.
Total CVEs
16
CISA KEV
0
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL1HIGH11MEDIUM3LOW1
Vulnerabilities
Page 1 of 1
CVE-2024-37032P1MEDIUMExploitedPoC≥ 0, < 0.1.342024-05-31
CVE-2024-37032 [MEDIUM] Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial `../` substring.
ghsaosv
CVE-2026-7482P1HIGHExploitedPoC≥ 0, < 0.17.12026-05-04
CVE-2026-7482 [HIGH] CWE-125 Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader
Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (Wri
ghsa
CVE-2025-63389P2CRITICAL≥ 0, ≤ 0.13.52025-12-18
CVE-2025-63389 [CRITICAL] CWE-284 Ollama Platform has missing authentication enabling attackers to perform model management operations
Ollama Platform has missing authentication enabling attackers to perform model management operations
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized mo
ghsaosv
CVE-2025-0317P3HIGH≥ 0, ≤ 0.3.142025-03-20
CVE-2025-0317 [HIGH] CWE-369 Ollama Divide By Zero vulnerability
Ollama Divide By Zero vulnerability
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.
ghsaosv
CVE-2025-51471P3MEDIUM≥ 0, ≤ 0.9.62025-07-22
CVE-2025-51471 [MEDIUM] CWE-345 Ollama vulnerable to Cross-Domain Token Exposure
Ollama vulnerable to Cross-Domain Token Exposure
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.
ghsaosv
CVE-2024-39720P3HIGH≥ 0, < 0.1.462024-10-31
CVE-2024-39720 [HIGH] CWE-125 Ollama Out-of-bounds Read
Ollama Out-of-bounds Read
An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV:
ghsaosv
CVE-2024-45436P3HIGH≥ 0, < 0.1.472024-08-29
CVE-2024-45436 [HIGH] CWE-22 Ollama can extract members of a ZIP archive outside of the parent directory
Ollama can extract members of a ZIP archive outside of the parent directory
`extractFromZipFile` in `model.go` in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
ghsaosv
CVE-2024-12886P3HIGH≥ 0, ≤ 0.3.142025-03-20
CVE-2024-12886 [HIGH] CWE-400 Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP
An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.Read
ghsaosv
CVE-2024-12055P3HIGH≥ 0, ≤ 0.3.142025-03-20
CVE-2024-12055 [HIGH] CWE-125 Ollama Allows Out-of-Bounds Read
Ollama Allows Out-of-Bounds Read
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.
ghsaosv
CVE-2025-1975P3HIGH≥ 0, ≤ 0.5.112025-05-16
CVE-2025-1975 [HIGH] CWE-129 Ollama Server Vulnerable to Denial of Service (DoS) Attack
Ollama Server Vulnerable to Denial of Service (DoS) Attack
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.
ghsaosv
CVE-2024-8063P3HIGH≥ 0, ≤ 0.3.32025-03-20
CVE-2024-8063 [HIGH] CWE-369 Ollama Divide by Zero Vulnerability
Ollama Divide by Zero Vulnerability
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.
ghsaosv
CVE-2025-0315P3HIGH≥ 0, ≤ 0.3.142025-03-20
CVE-2025-0315 [HIGH] CWE-770 Ollama Allocation of Resources Without Limits or Throttling vulnerability
Ollama Allocation of Resources Without Limits or Throttling vulnerability
A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack.
ghsaosv
CVE-2025-0312P3HIGH≥ 0, ≤ 0.3.142025-03-20
CVE-2025-0312 [HIGH] CWE-476 Ollama Denial of Service (DoS) via Null Pointer Dereference
Ollama Denial of Service (DoS) via Null Pointer Dereference
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network.
ghsaosv
CVE-2025-44779P4MEDIUM≥ 0, < 0.1.342025-08-07
CVE-2025-44779 [MEDIUM] CWE-20 Ollama allows deletion of arbitrary files
Ollama allows deletion of arbitrary files
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.
ghsaosv
CVE-2024-28224P4HIGH≥ 0, < 0.1.292024-04-08
CVE-2024-28224 [HIGH] CWE-290 Ollama DNS rebinding vulnerability
Ollama DNS rebinding vulnerability
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).
ghsaosv
CVE-2026-7020P4LOW≥ 0, ≤ 0.20.22026-04-26
CVE-2026-7020 [LOW] CWE-22 Ollama is Vulnerable to Path Traversal
Ollama is Vulnerable to Path Traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. T
ghsa