ollama

Top products

The 15 most recently published vulnerabilities affecting ollama.

• CVE-2026-7482Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers9.1May 4, 2026
• CVE-2026-42249Remote Code Execution in Ollama via Update Mechanism9.8Apr 29, 2026
• CVE-2026-42248Missing Signature Verification for Updates in Ollama9.8Apr 29, 2026
• CVE-2026-7020Ollama Tensor Model Transfer transfer.go digestToPath path traversal3.7Apr 26, 2026
• CVE-2025-66960An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata7.5Jan 21, 2026
• CVE-2025-66959An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder7.5Jan 21, 2026
• CVE-2025-15514Ollama Multi-Modal Model Image Processing NULL Pointer Dereference7.5Jan 12, 2026
• CVE-2025-63389A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring au...9.8Dec 18, 2025
• CVE-2025-44779An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.6.6Aug 7, 2025
• CVE-2025-51471Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a W...6.9Jul 22, 2025
• CVE-2025-1975Improper Validation of Array Index in ollama/ollama7.5May 16, 2025
• CVE-2024-8063Divide by Zero in ollama/ollama7.5Mar 20, 2025
• CVE-2025-0312NULL Pointer Dereference in ollama/ollama7.5Mar 20, 2025
• CVE-2024-12886Out-Of-Memory (OOM) Vulnerability in ollama/ollama7.5Mar 20, 2025
• CVE-2025-0317Divide By Zero in ollama/ollama7.5Mar 20, 2025