AI Threat Alert
Ollama
19 AI/ML vulnerabilities tracked for Ollama.
19
Total CVEs
1
Pages
Page 1 of 1
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2024-28224 | Ollama: DNS rebinding exposes LLM API to remote access | ollama | 6.6 |
| HIGH | CVE-2024-37032 | Ollama: path traversal enables RCE via model blob API | ollama | 8.8 |
| HIGH | CVE-2024-45436 | Ollama: ZIP path traversal exposes host filesystem | ollama | 7.5 |
| HIGH | CVE-2024-39719 | Ollama: file existence oracle via api/create errors | ollama | 7.5 |
| HIGH | CVE-2024-39720 | Ollama: OOB read in GGUF parser enables remote DoS | ollama | 8.2 |
| HIGH | CVE-2024-39721 | Ollama: DoS via /dev/random causes goroutine exhaustion | ollama | 7.5 |
| HIGH | CVE-2024-39722 | Ollama: path traversal exposes server filesystem | ollama | 7.5 |
| HIGH | CVE-2024-12055 | Ollama: DoS via malicious gguf model file upload | ollama | 7.5 |
| HIGH | CVE-2024-8063 | ollama: divide-by-zero DoS via crafted GGUF model import | ollama | 7.5 |
| HIGH | CVE-2025-0312 | Ollama: null pointer DoS via malicious GGUF model upload | ollama | 7.5 |
| HIGH | CVE-2025-0315 | Ollama: GGUF model upload causes memory exhaustion DoS | ollama | 7.5 |
| HIGH | CVE-2025-0317 | Ollama: DoS via malicious GGUF model file upload | ollama | 7.5 |
| UNKNOWN | CVE-2025-1975 | Ollama: DoS via malicious manifest in /api/pull | ollama | - |
| MEDIUM | CVE-2025-51471 | Ollama: auth token hijack via crafted WWW-Authenticate | ollama | 6.9 |
| MEDIUM | CVE-2025-44779 | Ollama: arbitrary file deletion via /api/pull | ollama | 6.6 |
| CRITICAL | CVE-2025-63389 | ollama: Missing Auth allows unauthenticated access | ollama | 9.8 |
| HIGH | CVE-2025-15514 | ollama: security flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2025-66959 | ollama: Input Validation flaw enables exploitation | ollama | 7.5 |
| HIGH | CVE-2025-66960 | ollama: Input Validation flaw enables exploitation | ollama | 7.5 |