Ollama Vulnerabilities

pip LLM Inference

AI Threat Alert tracks 27 known vulnerabilities in Ollama, 6 rated critical — an AI/ML llm inference in the pip ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
84
Risk Score
27
Total CVEs
6
Critical
pip
Ecosystem
Jun 26, 2026
Last CVE
11%
Patch Rate
18d
Avg Time to Patch
175,009 stars 16,751 forks 3,505 issues 1,559 dependents Last push Jun 28, 2026
View on GitHub

Known Vulnerabilities (27 total, page 1 of 2)

Severity CVE ID Summary CVSS Published
HIGH CVE-2026-5757 Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence. 7.5 Jun 26, 2026 CRITICAL CVE-2026-46339 9router: unauthenticated RCE exposes LLM API keys 10.0 May 19, 2026 MEDIUM CVE-2026-43979 local-deep-research: HTML injection enables SSRF via WeasyPrint 5.0 May 11, 2026 CRITICAL CVE-2026-44007 vm2: sandbox escape via nesting:true enables RCE 9.1 May 7, 2026 CRITICAL CVE-2026-7482 Ollama: heap OOB read leaks API keys and chat data 9.1 May 4, 2026 CRITICAL CVE-2026-42249 Ollama: path traversal + unsigned update = silent RCE 9.8 Apr 29, 2026 CRITICAL CVE-2026-42248 Ollama: silent auto-update bypasses signature check on Windows 9.8 Apr 29, 2026 LOW CVE-2026-7020 Ollama: path traversal in tensor model transfer handler 3.7 Apr 26, 2026 HIGH CVE-2025-66960 ollama: Input Validation flaw enables exploitation 7.5 Jan 21, 2026 HIGH CVE-2025-66959 ollama: Input Validation flaw enables exploitation 7.5 Jan 21, 2026 HIGH CVE-2025-15514 ollama: security flaw enables exploitation 7.5 Jan 12, 2026 CRITICAL CVE-2025-63389 ollama: Missing Auth allows unauthenticated access 9.8 Dec 18, 2025 MEDIUM CVE-2025-44779 Ollama: arbitrary file deletion via /api/pull 6.6 Aug 7, 2025 MEDIUM CVE-2025-51471 Ollama: auth token hijack via crafted WWW-Authenticate 6.9 Jul 22, 2025 UNKNOWN CVE-2025-1975 Ollama: DoS via malicious manifest in /api/pull -- May 16, 2025 HIGH CVE-2025-0317 Ollama: DoS via malicious GGUF model file upload 7.5 Mar 20, 2025 HIGH CVE-2025-0315 Ollama: GGUF model upload causes memory exhaustion DoS 7.5 Mar 20, 2025 HIGH CVE-2025-0312 Ollama: null pointer DoS via malicious GGUF model upload 7.5 Mar 20, 2025 HIGH CVE-2024-8063 ollama: divide-by-zero DoS via crafted GGUF model import 7.5 Mar 20, 2025 HIGH CVE-2024-12055 Ollama: DoS via malicious gguf model file upload 7.5 Mar 20, 2025 HIGH CVE-2024-39722 Ollama: path traversal exposes server filesystem 7.5 Oct 31, 2024 HIGH CVE-2024-39721 Ollama: DoS via /dev/random causes goroutine exhaustion 7.5 Oct 31, 2024 HIGH CVE-2024-39720 Ollama: OOB read in GGUF parser enables remote DoS 8.2 Oct 31, 2024 HIGH CVE-2024-39719 Ollama: file existence oracle via api/create errors 7.5 Oct 31, 2024 HIGH CVE-2024-45436 Ollama: ZIP path traversal exposes host filesystem 7.5 Aug 29, 2024

Showing 1–25 of 27

Frequently asked questions

What is Ollama?

Ollama is an AI/ML llm inference tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does Ollama have?

Ollama has 27 known CVEs, 6 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Ollama distributed in?

Ollama is distributed via the pip ecosystem and categorized as llm inference.

Where does the Ollama vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Ollama?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor Ollama in your stack

Get instant alerts when new vulnerabilities affect Ollama. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring