repository icon
ollama / ollama Project repository

Get up and running with Llama 3.2, Mistral, Gemma 2, and other large language models.

Submit a report

FIRST INTERACTION

WITHIN4 DAYS

REVIEW

WITHIN4 DAYS

FIX

WITHINN/A DAYS

Unauthenticated API Exposure via Insecure Default Binding (0.0.0.0) Leading to R...
nxew
self closed
test - extra text (debug)
kpanuragh
self closed
test - description-only readme (debug)
kpanuragh
self closed
test - ignore (debug)
kpanuragh
self closed
test submission - please ignore
kpanuragh
self closed
Ollama: Unauthenticated SSRF via registry Bearer realm redirect
ssjcorpsec
self closed
Heap Out-of-Bounds Read in GGUF Model Loader - CVE-2026-7482
clawdbartell-wq
duplicate
None
Ollama /api/create Info type confusion crashes daemon
sravan27
duplicate
None
Test
wowlegend
self closed
Unauthenticated Denial of Service via Unbounded Allocation in GGUF Parser (/api/...
linziyuu
self closed
Denial of Service via Unbounded Memory Allocation in GGUF String Parsing
surrealgrain
self closed
Unauthenticated /api/create goroutine panic DoS via unchecked Info type assertio...
mirr2
duplicate
High
SSRF via unvalidated Content-Location header in chunksums endpoint (client2 regi...
cerq99
duplicate
Medium
SSRF via Arbitrary Registry Host in Model Pull Allows Internal Network Access
l69d
duplicate
High
Blind SSRF via Content-Location Header in Registry Pull (chunksums flow)
syaixlabs
duplicate
Medium
Ollama macOS Auto-Updater Zip Slip in verifyDownload() (CWE-22)
theluckystrike
duplicate
High
macOS updater ZIP slip allows arbitrary file write outside /Applications/Ollama....
s1ko
duplicate
High
SSRF via /api/pull with user-controlled registry host and insecure flag
jd-admrl-ai
duplicate
High
Unauthenticated SSRF-to-secret-exfil chain in /api/pull via attacker-controlled...
mirr2
self closed
Unauthenticated SSRF in /api/pull via attacker-controlled registry host
01data-ai
duplicate
High
SSRF via Unauthenticated /api/pull Endpoint — Attacker-Controlled URL in Model N...
sermikr0
duplicate
High
Unbounded Tensor Dimensions Allocation Causes OOM Crash
elromevedelelyon
duplicate
None
Non-Blind SSRF via Deprecated `insecure` Parameter in /api/pull — Full Response...
chw81
duplicate
High
No authentication on destructive API endpoints when bound to 0.0.0.0 allows unau...
snakeyworm
duplicate
Critical
DNS rebinding bypass via .internal/.local TLD in allowedHostsMiddleware allows u...
snakeyworm
duplicate
Critical
Path traversal via unvalidated digest in transfer download path enables arbitrar...
snakeyworm
self closed
Path traversal via unvalidated digest in transfer download path enables arbitrar...
snakeyworm
self closed
Path traversal via unvalidated digest in transfer download path enables arbitrar...
snakeyworm
self closed
Path traversal via unvalidated digest in transfer download path enables arbitrar...
snakeyworm
self closed
Multiple OOM/Panic DoS in GGUF Parser via Unbounded Memory Allocations
skillwager
duplicate
High
`POST /api/create` allows unauthenticated panic-based denial of service via `inf...
m0nd0r
duplicate
Medium
Multiple OOM/Panic DoS in GGUF Parser via Unbounded Allocations (gguf.go)
skillwager
duplicate
Medium
No authentication on destructive API endpoints when bound to 0.0.0.0 allows unau...
wormysnake
duplicate
Critical
DNS rebinding bypass via .internal/.local TLD in allowedHostsMiddleware allows u...
wormysnake
duplicate
Critical
Improper Input Validation on Safetensor leading to Remote DoS
river-li
self closed
GGUF Parser OOM via Unbounded String Allocation
river-li
duplicate
High
huntr: ollama/ollama