Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ollama — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting ollama. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ollama serves as a platform for running and managing large language models locally, enabling developers to deploy AI models without cloud dependencies. Historically, the project has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 11 CVEs documented to date. Security concerns often stem from improper input validation and insecure default configurations. While no major public security incidents have been widely reported, the accumulation of CVEs indicates ongoing challenges in secure development practices. Users should implement network segmentation and regular updates to mitigate risks associated with local model deployments.

Top products by ollama: ollama/ollama Ollama
CVE IDTitleCVSSSeverityPublished
CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers — ollamaCWE-125 9.1 Critical2026-05-04
CVE-2026-42249 Remote Code Execution in Ollama via Update Mechanism — OllamaCWE-494 8.8AIHighAI2026-04-29
CVE-2026-42248 Missing Signature Verification for Updates in Ollama — OllamaCWE-494 8.4AIHighAI2026-04-29
CVE-2025-15514 Ollama Multi-Modal Model Image Processing NULL Pointer Dereference — OllamaCWE-395 7.5AIHighAI2026-01-12
CVE-2025-1975 Improper Validation of Array Index in ollama/ollama — ollama/ollamaCWE-129 7.5AIHighAI2025-05-16
CVE-2024-8063 Divide by Zero in ollama/ollama — ollama/ollamaCWE-369 7.5 -2025-03-20
CVE-2025-0312 NULL Pointer Dereference in ollama/ollama — ollama/ollamaCWE-476 6.5 -2025-03-20
CVE-2024-12886 Out-Of-Memory (OOM) Vulnerability in ollama/ollama — ollama/ollamaCWE-409 7.5 -2025-03-20
CVE-2025-0317 Divide By Zero in ollama/ollama — ollama/ollamaCWE-369 6.5 -2025-03-20
CVE-2025-0315 Allocation of Resources Without Limits or Throttling in ollama/ollama — ollama/ollamaCWE-770 6.5 -2025-03-20
CVE-2024-12055 DoS using malicious gguf model file in ollama/ollama — ollama/ollamaCWE-125 6.5 -2025-03-20

This page lists every published CVE security advisory associated with ollama. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.