Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: python312Packages.langchain-ollama

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-5530
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 week, 1 day ago
Ollama Model Pull API download.go server-side request forgery

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Ollama
  • ==18.0
  • ==18.1

Matching in nixpkgs

pkgs.ollama-cuda

Get up and running with large language models locally, using CUDA for NVIDIA GPU acceleration

pkgs.ollama-rocm

Get up and running with large language models locally, using ROCm for AMD GPU acceleration

pkgs.ollama-vulkan

Get up and running with large language models locally, using Vulkan for generic GPU acceleration

pkgs.gnomeExtensions.ollama-indicator

An indicator that let you run models with Ollama.

  • nixos-unstable 8
    • nixpkgs-unstable 8
    • nixos-unstable-small 8
  • nixos-25.11 8
    • nixos-25.11-small 8
    • nixpkgs-25.11-darwin 8

Package maintainers