micasa/osv-scanner.toml at main · cpcloud/micasa · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Copyright 2026 Phillip Cloud
# Licensed under the Apache License, Version 2.0

# ollama server-side vulnerabilities: micasa is a client that makes HTTP
# requests to an Ollama server; it does not embed, host, or run the Ollama
# server, GGUF parser, or model-serving endpoints. These code paths are
# unreachable from micasa.

[[IgnoredVulns]]
id = "GO-2025-3548"
reason = "ollama server DoS via crafted GZIP; micasa is an HTTP client, not a server"

[[IgnoredVulns]]
id = "GO-2025-3557"
reason = "ollama server resource exhaustion; micasa is an HTTP client, not a server"

[[IgnoredVulns]]
id = "GO-2025-3558"
reason = "ollama server OOB read in GGUF parsing; micasa never parses GGUF files"

[[IgnoredVulns]]
id = "GO-2025-3559"
reason = "ollama server divide-by-zero in GGUF parsing; micasa never parses GGUF files"

[[IgnoredVulns]]
id = "GO-2025-3582"
reason = "ollama server nil-pointer DoS; micasa is an HTTP client, not a server"

[[IgnoredVulns]]
id = "GO-2025-3689"
reason = "ollama server divide-by-zero; micasa is an HTTP client, not a server"

[[IgnoredVulns]]
id = "GO-2025-3695"
reason = "ollama server DoS; micasa is an HTTP client, not a server"

[[IgnoredVulns]]
id = "GO-2025-3824"
reason = "ollama server cross-domain token exposure; micasa is an HTTP client, not a server"

[[IgnoredVulns]]
id = "GO-2025-4251"
reason = "ollama server missing auth; micasa is an HTTP client, not a server"