ollama
Patched Data & ML
from
mirror.gcr.io/ollama/ollama
Pull Reference
ghcr.io/verity-org/ollama/ollama
docker pull ghcr.io/verity-org/ollama/ollama
Available Versions
0.24.0
latest
27 CVEs fixed
22 remaining
0.23.4 27 CVEs fixed
22 remaining
0.23.3 27 CVEs fixed
22 remaining
Copa-Patched Image
Patched in-place from the upstream image using Copa . OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.
Supply Chain
Full compliance details
Signed
SLSA L3
SBOM
Rekor
Verify this artifact
Cosign signature
cosign verify \ --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ ghcr.io/verity-org/ollama/ollama:0.24.0
Build provenance
gh attestation verify \ oci://ghcr.io/verity-org/ollama/ollama:0.24.0 \ --owner verity-org
Vulnerability Scan
Found 49 vulnerabilit ies in the original image. 27 fixed by Copa. 22 remaining after patching.
12HIGH29MEDIUM8LOW
Awaiting upstream fix
No fix is available yet for these vulnerabilities.
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2026-27456 | bsdutils | 1:2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-27456 | libblkid1 | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-4046 | libc-bin | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4437 | libc-bin | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4438 | libc-bin | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4046 | libc6 | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4437 | libc6 | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4438 | libc6 | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2025-66382 | libexpat1 | 2.6.1-2ubuntu0.4 | MEDIUM | |
| CVE-2026-27456 | libmount1 | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-27456 | libsmartcols1 | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-27456 | libuuid1 | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-27456 | mount | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2025-45582 | tar | 1.35+dfsg-3build1 | MEDIUM | |
| CVE-2026-5704 | tar | 1.35+dfsg-3build1 | MEDIUM | |
| CVE-2026-27456 | util-linux | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2025-1352 | libelf1t64 | 0.190-1.1ubuntu0.1 | LOW | |
| CVE-2025-1376 | libelf1t64 | 0.190-1.1ubuntu0.1 | LOW | |
| CVE-2024-2236 | libgcrypt20 | 1.10.3-2build1 | LOW | |
| CVE-2025-5222 | libicu74 | 74.2-1ubuntu3.1 | LOW | |
| CVE-2024-56433 | login | 1:4.13+dfsg1-4ubuntu3.2 | LOW | |
| CVE-2024-56433 | passwd | 1:4.13+dfsg1-4ubuntu3.2 | LOW |
Source
Copa (in-place patch)
Platforms
linux/amd64, linux/arm64
Registry
ghcr.io/verity-org
Upstream
mirror.gcr.io/ollama/ollama
Version
0.24.0