GHSA-9Q7V-8MR7-G23P OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...

OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery

Summary SSRF via Unguarded fetch in Marketplace Plugin Download and Ollama Model Discovery Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and...

CVE-2025-15514 Ollama Multi-Modal Model Image Processing NULL Pointer Dereference

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

CVE-2025-51471

A domain validation flaw has been discovered in Ollama. In instances where a user attempts to download a model, but where the server responds with an http 401 error code, Ollama follows the WWW-Authenticate header's realm URL without validating if it belongs to the same domain as the original...