VYPR
Vendor: Ollama

Products: 1
CVEs: 25
Across products: 27
Status: Private

Recent CVEs (25)
  • CVE-2026-42249 (Critical), Apr 29, 2026
    risk 0.57, cvss 9.8, epss 0.01

    Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers…

  • CVE-2026-42248 (Critical), Apr 29, 2026
    risk 0.57, cvss 9.8, epss 0.00

    Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is…

  • CVE-2026-7482 (Critical), May 4, 2026
    risk 0.52, cvss 9.1, epss 0.01

    Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go…

  • CVE-2024-12886 (High), Mar 20, 2025
    risk 0.49, cvss 7.5, epss 0.01

    An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the…

  • CVE-2026-5530 (Medium), Apr 5, 2026
    risk 0.41, cvss 6.3, epss 0.00

    A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted…

  • CVE-2026-7020 (Low), Apr 26, 2026
    risk 0.17, cvss 3.7, epss 0.01

    A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be…

  • CVE-2024-39719, Oct 31, 2024
    risk 0.04, cvss not listed, epss 0.04

    An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file…

  • CVE-2024-37032, May 31, 2024
    risk 0.03, cvss not listed, epss 0.90

    Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

  • CVE-2025-66960, Jan 21, 2026
    risk 0.00, cvss not listed, epss 0.00

    An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata

  • CVE-2025-66959, Jan 21, 2026
    risk 0.00, cvss not listed, epss 0.05

    An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

  • CVE-2025-15514, Jan 12, 2026
    risk 0.00, cvss not listed, epss 0.01

    Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded…

  • CVE-2025-63389, Dec 18, 2025
    risk 0.00, cvss not listed, epss 0.01

    A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management…

  • CVE-2025-44779, Aug 7, 2025
    risk 0.00, cvss not listed, epss 0.00

    An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.

  • CVE-2025-51471, Jul 22, 2025
    risk 0.00, cvss not listed, epss 0.04

    Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

  • CVE-2025-1975, May 16, 2025
    risk 0.00, cvss not listed, epss 0.00

    A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull…

  • CVE-2024-8063, Mar 20, 2025
    risk 0.00, cvss not listed, epss 0.01

    A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it…

  • CVE-2025-0312, Mar 20, 2025
    risk 0.00, cvss not listed, epss 0.01

    A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS)…

  • CVE-2025-0317, Mar 20, 2025
    risk 0.00, cvss not listed, epss 0.13

    A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of…

  • CVE-2025-0315, Mar 20, 2025
    risk 0.00, cvss not listed, epss 0.01

    A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack.

  • CVE-2024-12055, Mar 20, 2025
    risk 0.00, cvss not listed, epss 0.01

    A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of…