repository icon
ollama / ollama Project repository

Get up and running with Llama 3.2, Mistral, Gemma 2, and other large language models.

Submit a report

FIRST INTERACTION

WITHIN5 DAYS

REVIEW

WITHIN5 DAYS

FIX

WITHINN/A DAYS

SSRF via unvalidated Content-Location header in chunksums endpoint (client2 regi...
cerq99
duplicate
Medium
SSRF via Arbitrary Registry Host in Model Pull Allows Internal Network Access
l69d
duplicate
High
Blind SSRF via Content-Location Header in Registry Pull (chunksums flow)
syaixlabs-tech
duplicate
Medium
Ollama macOS Auto-Updater Zip Slip in verifyDownload() (CWE-22)
theluckystrike
duplicate
High
macOS updater ZIP slip allows arbitrary file write outside /Applications/Ollama....
s1ko
duplicate
High
SSRF via /api/pull with user-controlled registry host and insecure flag
jd-admrl-ai
duplicate
High
Unauthenticated SSRF-to-secret-exfil chain in /api/pull via attacker-controlled...
mirr2
self closed
Unauthenticated SSRF in /api/pull via attacker-controlled registry host
01data-ai
duplicate
High
SSRF via Unauthenticated /api/pull Endpoint — Attacker-Controlled URL in Model N...
sermikr0
duplicate
High
Unbounded Tensor Dimensions Allocation Causes OOM Crash
elromevedelelyon
duplicate
None
Non-Blind SSRF via Deprecated `insecure` Parameter in /api/pull — Full Response...
chw81
duplicate
High
No authentication on destructive API endpoints when bound to 0.0.0.0 allows unau...
snakeyworm
duplicate
Critical
DNS rebinding bypass via .internal/.local TLD in allowedHostsMiddleware allows u...
snakeyworm
duplicate
Critical
Path traversal via unvalidated digest in transfer download path enables arbitrar...
snakeyworm
self closed
Path traversal via unvalidated digest in transfer download path enables arbitrar...
snakeyworm
self closed
Path traversal via unvalidated digest in transfer download path enables arbitrar...
snakeyworm
self closed
Path traversal via unvalidated digest in transfer download path enables arbitrar...
snakeyworm
self closed
Multiple OOM/Panic DoS in GGUF Parser via Unbounded Memory Allocations
skillwager
duplicate
High
Multiple OOM/Panic DoS in GGUF Parser via Unbounded Allocations (gguf.go)
skillwager
duplicate
Medium
No authentication on destructive API endpoints when bound to 0.0.0.0 allows unau...
wormysnake
duplicate
Critical
DNS rebinding bypass via .internal/.local TLD in allowedHostsMiddleware allows u...
wormysnake
duplicate
Critical
Improper Input Validation on Safetensor leading to Remote DoS
river-li
self closed
GGUF Parser OOM via Unbounded String Allocation
river-li
duplicate
High
Unbounded memory allocation in GGUF parser crashes server via crafted model file
ayushparkara
duplicate
High
SSRF via /api/pull with user-controlled registry host — no IP validation
lihfdgjr
duplicate
Medium
Malformed WWW-Authenticate header causes unhandled panic (DoS) in /api/pull and...
flamki
duplicate
High
Improper GGUF File Validation Leads to Persistent DoS
jaquelinedops
duplicate
Critical
Remote DoS via String Length Overflow in Go GGUF Parser
flex0geek
duplicate
High
Remote DoS via Array Count Overflow in Go GGUF Parser
flex0geek
duplicate
High
Remote DoS via SIGFPE in GGUF C Parser (Division by Zero)
flex0geek
duplicate
High
Remote DoS via Unrecovered Goroutine Panic in `/api/create`
flex0geek
duplicate
High
DNS Rebinding Attack via Overly Permissive .local/.internal TLD Allowlist in all...
rohanmulay1
duplicate
High
DoS via integer overflow in readGGUFString (GGUF parser)
radikhoroshev
duplicate
High
Unvalidated Allocation Size in GGUF Parser Causes OOM Denial of Service
nhomyk
duplicate
High
Denial of Service via Unbounded Memory Allocation in GGUF String Parsing
twsky100
duplicate
High
DNS Rebinding Bypass of Host Validation Allows Cross-Origin API Access
twsky100
duplicate
High
DNS Rebinding bypasses allowedHostsMiddleware via .local/.internal TLD wildcard
eistee82
duplicate
High