Is ollama safe to use?

ollama has 4 known vulnerabilities on the latest version (0.6.2). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of ollama?

The latest version of ollama is 0.6.2, released 2026-04-29.

Yes. ollama has 4 known vulnerabilities. See depscope.dev/pkg/pypi/ollama for details.

No, ollama is actively maintained. Latest release: 0.6.2 (2026-04-29).

Popular alternatives to ollama in PyPI include: boto3, packaging, idna, certifi, urllib3.

pypiv0.6.2

The official Python client for Ollama.

License MITpermissive35 versions2 deps3,920,748 weekly dl

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Health breakdown0 – 100

20/25

maintenance

17/20

popularity

11/25

security

12/15

maturity

0/15

community

0/15

popularity_floor

Vulnerabilities

2 high2 medium

Advisories (4)

Severity	ID	Summary	Fixed in
medium	CVE-2025-44779	An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.	—
medium	CVE-2025-51471	Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.	—
high	CVE-2025-66959	An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder	—
high	CVE-2025-66960	An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata	—

Quality signals

Publish security

API token

Dependencies (2)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/ollama