ollama
PyPI6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ollamapage 1 of 1
- CVE-2024-8063HIGHCVSS 7.5EG 7.52025-03-20
vulnerable: 0.0.0 ... 0.3.3 (17 versions)
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when th…
- CVE-2025-1975HIGHCVSS 7.5EG 7.52025-05-16
vulnerable: 0.0.0 ... 0.5.4 (32 versions)
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when…
- CVE-2025-44779MEDIUMCVSS 6.6EG 6.62025-08-07
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.
- CVE-2025-51471MEDIUMCVSS 6.9EG 6.92025-07-22
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /ap…
- CVE-2025-66959HIGHCVSS 7.5EG 7.52026-01-21
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder
- CVE-2025-66960HIGHCVSS 7.5EG 7.52026-01-21
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
Check whether ollama is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ollama CVEs against the assets you own.
Start Free Scan →