VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/ollama/ollama

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-7482 critical 9.1 9.1 24d ago Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader golang
CVE-2026-7020 low 3.7 3.7 1mo ago Ollama is Vulnerable to Path Traversal susegolang
CVE-2025-63389 unknown 5mo ago Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama susegolang
CVE-2025-44779 unknown 10mo ago An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull. pythongolang
CVE-2025-51471 unknown 10mo ago Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW… pythongolang
CVE-2025-1975 unknown 1y ago A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improp… susepythongolang
CVE-2025-0315 unknown 1y ago Ollama Allocation of Resources Without Limits or Throttling vulnerability in github.com/ollama/ollama golang
CVE-2025-0312 unknown 1y ago Ollama Denial of Service (DoS) via Null Pointer Dereference in github.com/ollama/ollama golang
CVE-2025-0317 unknown 1y ago Ollama Divide By Zero vulnerability in github.com/ollama/ollama golang
CVE-2024-12886 unknown 1y ago Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP in github.com/ollama/ollama golang
CVE-2024-12055 unknown 1y ago Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama golang
CVE-2024-8063 unknown 1y ago A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a d… pythongolang
CVE-2024-39720 unknown 2y ago Ollama Out-of-bounds Read in github.com/ollama/ollama susegolang
CVE-2024-45436 unknown 2y ago Ollama can extract members of a ZIP archive outside of the parent directory in github.com/ollama/ollama golang
CVE-2024-37032 unknown 2y ago Ollama does not validate the format of the digest (sha256 with 64 hex digits) in github.com/ollama/ollama golang
CVE-2024-28224 unknown 2y ago Ollama DNS rebinding vulnerability in github.com/jmorganca/ollama golang