ollama CVE Vulnerabilities & Metrics

Focus on ollama vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About ollama Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with ollama. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total ollama CVEs: 5
Earliest CVE date: 20 Mar 2025, 10:15 UTC
Latest CVE date: 20 Mar 2025, 10:15 UTC

Latest CVE reference: CVE-2025-0317

Rolling Stats

30-day Count (Rolling): 5
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical ollama CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS ollama CVEs

These are the five CVEs with the highest CVSS scores for ollama, sorted by severity first and recency.

CVE-2025-0317 ollama Published on 20 Mar 2025, 10:15 UTC (CVSS: 0)
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.
CVE-2025-0315 ollama Published on 20 Mar 2025, 10:15 UTC (CVSS: 0)
A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack.
CVE-2025-0313 ollama Published on 20 Mar 2025, 10:15 UTC (CVSS: 0)
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack. The vulnerability is due to improper validation of array index bounds in the GGUF model handling code, which can be exploited via a remote network.
CVE-2025-0312 ollama Published on 20 Mar 2025, 10:15 UTC (CVSS: 0)
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network.
CVE-2024-7773 ollama Published on 20 Mar 2025, 10:15 UTC (CVSS: 0)
A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to improper input validation in the handling of zip files. The vulnerability, known as ZipSlip, occurs in the parseFromZipFile function in server/model.go. The code does not check for directory traversal sequences (../) in file names within the zip archive, allowing an attacker to write arbitrary files to...

All CVEs for ollama

CVE-2025-0317 ollama vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.

CVE-2025-0315 ollama vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack.

CVE-2025-0313 ollama vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack. The vulnerability is due to improper validation of array index bounds in the GGUF model handling code, which can be exploited via a remote network.

CVE-2025-0312 ollama vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network.

CVE-2024-7773 ollama vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to improper input validation in the handling of zip files. The vulnerability, known as ZipSlip, occurs in the parseFromZipFile function in server/model.go. The code does not check for directory traversal sequences (../) in file names within the zip archive, allowing an attacker to write arbitrary files to the file system. This can be exploited to create files such as /etc/ld.so.preload and a malicious shared library, leading to RCE.