Ollama Vulnerabilities
pip, LLM Inference
Risk Score: 84
Total CVEs: 26
Critical: 6
Ecosystem: pip
Last CVE: May 19, 2026
Patch Rate: 12%
Avg Time to Patch: 0d
171,560 stars
16,151 forks
3,268 issues
1,469 dependents
Last push May 15, 2026
Known Vulnerabilities (26 total, page 1 of 2)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| CRITICAL | CVE-2026-46339 | 9router: unauthenticated RCE exposes LLM API keys | 10.0 | May 19, 2026 |
| MEDIUM | CVE-2026-43979 | local-deep-research: HTML injection enables SSRF via WeasyPrint | 5.0 | May 11, 2026 |
| CRITICAL | CVE-2026-44007 | vm2: sandbox escape via nesting:true enables RCE | 9.1 | May 7, 2026 |
| CRITICAL | CVE-2026-7482 | Ollama: heap OOB read leaks API keys and chat data | 9.1 | May 4, 2026 |
| CRITICAL | CVE-2026-42249 | Ollama: path traversal + unsigned update = silent RCE | 9.8 | Apr 29, 2026 |
| CRITICAL | CVE-2026-42248 | Ollama: silent auto-update bypasses signature check on Windows | 9.8 | Apr 29, 2026 |
| LOW | CVE-2026-7020 | Ollama: path traversal in tensor model transfer handler | 3.7 | Apr 26, 2026 |
| HIGH | CVE-2025-66960 | ollama: Input Validation flaw enables exploitation | 7.5 | Jan 21, 2026 |
| HIGH | CVE-2025-66959 | ollama: Input Validation flaw enables exploitation | 7.5 | Jan 21, 2026 |
| HIGH | CVE-2025-15514 | ollama: security flaw enables exploitation | 7.5 | Jan 12, 2026 |
| CRITICAL | CVE-2025-63389 | ollama: Missing Auth allows unauthenticated access | 9.8 | Dec 18, 2025 |
| MEDIUM | CVE-2025-44779 | Ollama: arbitrary file deletion via /api/pull | 6.6 | Aug 7, 2025 |
| MEDIUM | CVE-2025-51471 | Ollama: auth token hijack via crafted WWW-Authenticate | 6.9 | Jul 22, 2025 |
| UNKNOWN | CVE-2025-1975 | Ollama: DoS via malicious manifest in /api/pull | -- | May 16, 2025 |
| HIGH | CVE-2025-0317 | Ollama: DoS via malicious GGUF model file upload | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2025-0315 | Ollama: GGUF model upload causes memory exhaustion DoS | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2025-0312 | Ollama: null pointer DoS via malicious GGUF model upload | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-8063 | ollama: divide-by-zero DoS via crafted GGUF model import | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-12055 | Ollama: DoS via malicious gguf model file upload | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-39722 | Ollama: path traversal exposes server filesystem | 7.5 | Oct 31, 2024 |
| HIGH | CVE-2024-39721 | Ollama: DoS via /dev/random causes goroutine exhaustion | 7.5 | Oct 31, 2024 |
| HIGH | CVE-2024-39720 | Ollama: OOB read in GGUF parser enables remote DoS | 8.2 | Oct 31, 2024 |
| HIGH | CVE-2024-39719 | Ollama: file existence oracle via api/create errors | 7.5 | Oct 31, 2024 |
| HIGH | CVE-2024-45436 | Ollama: ZIP path traversal exposes host filesystem | 7.5 | Aug 29, 2024 |
| HIGH | CVE-2024-37032 | Ollama: path traversal enables RCE via model blob API | 8.8 | May 31, 2024 |

Showing 1–25 of 26