ollama / ollama
Project repository
Get up and running with Llama 3.2, Mistral, Gemma 2, and other large language models.
First interaction: within N/A days
Review: within 25 days
Fix: within 90 days
Multiple unauthorized APIs can cause DOS/impact users
May 31st 2025
nlrvana
•
pending
Ollama Remote Code Execution
May 28th 2025
h4mster1
•
pending
DoS using malicious gguf model file in ollama/ollama
Feb 25th 2025
mountain-8
•
duplicate
High
Missing size check of "n" in parseSafetensors Leads to DoS Vulnerability
May 18th 2025
danisjiang
•
duplicate
High
A malicious manifest can lead to DoS due to unchecked array bound access via ne...
May 16th 2025
ac0d3r
•
High
•
$750
•
CVE-2025-1975
Ollama server can be crashed by a malicious gguf file
Feb 14th 2025
superoptimizer
•
duplicate
High
Missing Length Check in readGGUFString Leads to OOM and DoS Vulnerability
Feb 13th 2025
danisjiang
•
duplicate
High
GGUF Heap Overflow (slice bounds out of range) Exploit Causing DoS
Feb 11th 2025
soloplayer140
•
duplicate
High
The malicious gguf model can lead to DoS due to alloc negative size slice (integ...
Feb 8th 2025
pcy190
•
duplicate
High
The malicious gguf model can lead to DoS due to unchecked buffer access (truncat...
Feb 8th 2025
pcy190
•
duplicate
High
Out-of-range slice allocation leading to DoS
May 4th 2025
pventuzelo
•
pending
Index Out of Range Leading to DoS
May 4th 2025
pventuzelo
•
pending
Integer overflow leading to DoS
Feb 11th 2025
pventuzelo
•
duplicate
High
Out-of-Range Length Allocation Leading to DoS
May 1st 2025
pventuzelo
•
duplicate
High
DOS: Uncaught Exception due to null pointer dereference
Jan 26th 2025
michealkeines
•
duplicate
High
DOS: Path Traversal leading to Arbitrary Dir creation
Apr 26th 2025
michealkeines
•
pending
Denial of Service via cache mechanism
Apr 24th 2025
pventuzelo
•
pending
Information Disclosure via Error Message
Apr 22nd 2025
michealkeines
•
pending
Ollama server authentication flow is vulnerable to token stealing
Mar 24th 2025
pventuzelo
•
pending
SSRF via model pull
Mar 10th 2025
trganda
•
pending
Crash due to invalid UTF-8 characters during prompt tokenisation in Ollama/ollam...
Feb 20th 2025
junan1234
•
pending
NPE leading to DoS
Feb 5th 2025
0gur1
•
duplicate
High
A malicious gguf model can lead to DoS due to unchecked null pointer dereference...
Feb 4th 2025
lyutoon
•
High
•
$750
•
CVE-2025-0312
A malicious gguf model can lead to DoS due to unchecked array bound access via n...
Feb 4th 2025
lyutoon
•
High
•
$750
•
CVE-2025-0313
malicious gguf model can cause DoS by allocating unlimited memory via network acce...
Feb 4th 2025
lyutoon
•
High
•
$750
•
CVE-2025-0315
malicious gguf model can be uploaded and created causing division by zero via ne...
Feb 4th 2025
lyutoon
•
High
•
$750
•
CVE-2025-0317
DoS using malicious gguf model file
Feb 4th 2025
lyutoon
•
High
•
$750
•
CVE-2024-12055
Ollama server is vulnerable to OOM DoS attacks when using `makeRequestWithRetry`...
Jan 29th 2025
pventuzelo
•
High
•
$750
•
CVE-2024-12886
Insecure Deserialization of Untrusted JSON Data in Ollama API Allows Arbitrary C...
Dec 18th 2024
r4335
•
not applicable
NPE leading to DoS
Oct 12th 2024
0gur1
•
self closed
Unauthorized use of the Ollama API
Sep 20th 2024
aftersnows
•
self closed
The /api/copy route allows unlimited replication of model instances leading to i...
Sep 18th 2024
aftersnows
•
informative
Medium
Divide by zero leading to DoS
Nov 3rd 2024
0gur1
•
High
•
$750
•
CVE-2024-8063
Remote code execution via zipslip
Oct 5th 2024
pyozzi-toss
•
Critical
•
$1500
•
CVE-2024-7773
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20