
ollama

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-7482 | affected versions: < 0.17.1 | 9.1 CRITICAL
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts a

CVE-2026-42249 | affected versions: >= 0.12.10 and <= 0.17.5 | 9.8 CRITICAL
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker-

CVE-2026-42248 | affected versions: >= 0.12.10 and <= 0.17.5 | 9.8 CRITICAL
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platform

CVE-2026-7020 | affected versions: >= 0.20.0 and <= 0.20.2 | 3.7 LOW
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer

CVE-2025-66960 | affected versions: all versions | 7.5 HIGH
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1Str

CVE-2025-66959 | affected versions: all versions | 7.5 HIGH
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

CVE-2025-15514 | affected versions: >= 0.11.6 and <= 0.13.5 | 7.5 HIGH
Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image p

CVE-2025-63389 | affected versions: <= 0.12.3 | 9.8 CRITICAL
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.

CVE-2025-44779 | affected versions: all versions | 6.6 MEDIUM
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.

CVE-2025-51471 | affected versions: all versions | 6.9 MEDIUM
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication t

CVE-2025-1975 | affected versions: all versions | 7.5 HIGH
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizi

CVE-2025-0317 | affected versions: <= 0.3.14 | 7.5 HIGH
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on th

CVE-2025-0315 | affected versions: <= 0.3.14 | 7.5 HIGH
A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama

CVE-2025-0312 | affected versions: <= 0.3.14 | 7.5 HIGH
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploa

CVE-2024-8063 | affected versions: all versions | 7.5 HIGH
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a

CVE-2024-12055 | affected versions: <= 0.3.14 | 7.5 HIGH
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to

CVE-2024-39722 | affected versions: < 0.1.46 | 7.5 HIGH
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path trave

CVE-2024-39721 | affected versions: < 0.1.34 | 7.5 HIGH
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The

CVE-2024-39720 | affected versions: < 0.1.46 | 8.2 HIGH
An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing

CVE-2024-39719 | affected versions: <= 0.3.14 | 7.5 HIGH
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel

CVE-2024-45436 | affected versions: < 0.1.47 | 7.5 HIGH
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.

CVE-2024-37032 | affected versions: < 0.1.34 | 8.8 HIGH
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus

CVE-2024-28224 | affected versions: < 0.1.29 | 6.6 MEDIUM
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin