ollama

Vendor: ollama

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 7
Total RCEs (Remote Access): 0
Total CVEs (Total Indexed): 36
Avg. EPSS (Exploit Prob.): 5.56%
Latest CVE: CVE-2026-7482 (May 04)

Security Vulnerability Index

7.5 CVSS
CVE-2024-45436
Exploit Found

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.

EPSS: 2.58%

8.8 CVSS
CVE-2024-37032
Exploit Found

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

EPSS: 89.17%

6.6 CVSS

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

EPSS: 0.33%