pkg:PyPI/litellm

20 total CVEsCRITICAL3HIGH10MEDIUM4

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2026-42208⚠ KEVLiteLLM has SQL Injection in Proxy API key verification
>= 1.81.16, < 1.83.7
CRITICAL9.8CVE-2024-5751litellm vulnerable to remote code execution based on using eval unsafely
from 0, < 1.40.16
CRITICAL9.8CVE-2024-2952LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
from 0, < 1.34.42
HIGH8.8CVE-2026-40217LiteLLM has a sandbox escape in custom-code guardrail
>= 1.81.8, < 1.83.10
HIGH8.8CVE-2026-42271LiteLLM: Authenticated command execution via MCP stdio test endpoints
>= 1.74.2, < 1.83.7
HIGH8.8CVE-2024-6825LiteLLM Vulnerable to Remote Code Execution (RCE)
>= 1.40.3.dev2, <= 1.40.12
HIGH8.1CVE-2025-0628LiteLLM Has an Improper Authorization Vulnerability
from 0, < 1.61.15
HIGH7.5CVE-2025-0330LiteLLM Has a Leakage of Langfuse API Keys
from 0, <= 1.52.1
HIGH7.5CVE-2024-9606LiteLLM Reveals Portion of API Key via a Logging File
from 0, < 1.44.12
HIGH7.5CVE-2024-8984LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
from 0, < 1.56.2
HIGH7.5CVE-2024-10188LiteLLM Vulnerable to Denial of Service (DoS)
from 0, < 1.53.1.dev1
HIGH7.5CVE-2024-6587LiteLLM Server-Side Request Forgery (SSRF) vulnerability
from 0, < 1.44.8
HIGH7.2CVE-2024-4264litellm passes untrusted data to `eval` function without sanitization
from 0, <= 1.28.11
MEDIUM6.5CVE-2024-4888Arbitrary file deletion in litellm
from 0, < 1.35.36
MEDIUM6.4CVE-2024-5225SQL injection in litellm
from 0, < 1.40.0
MEDIUM5.3CVE-2024-5710litellm vulnerable to improper access control in team management
from 0, < 1.40.15
MEDIUM4.9CVE-2024-4890SQL injection in litellm
from 0, <= 1.27.14
—CVE-2026-42203LiteLLM: Server-Side Template Injection in /prompts/test endpoint
>= 1.80.5, < 1.83.7
—CVE-2026-35030LiteLLM: Authentication bypass via OIDC userinfo cache key collision
from 0, < 1.83.0
—CVE-2026-35029LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
from 0, < 1.83.0