pkg:PyPI/litellm

所有已知漏洞

• CRITICAL9.8CVE-2026-42208⚠ KEVLiteLLM has SQL Injection in Proxy API key verification
  >= 1.81.16, < 1.83.7
• CRITICAL9.8CVE-2024-5751litellm vulnerable to remote code execution based on using eval unsafely
  from 0, < 1.40.16
• CRITICAL9.8CVE-2024-2952LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
  from 0, < 1.34.42
• HIGH8.8CVE-2026-40217LiteLLM has a sandbox escape in custom-code guardrail
  >= 1.81.8, < 1.83.10
• HIGH8.8CVE-2026-42271LiteLLM: Authenticated command execution via MCP stdio test endpoints
  >= 1.74.2, < 1.83.7
• HIGH8.8CVE-2024-6825LiteLLM Vulnerable to Remote Code Execution (RCE)
  >= 1.40.3.dev2, <= 1.40.12
• HIGH8.1CVE-2025-0628LiteLLM Has an Improper Authorization Vulnerability
  from 0, < 1.61.15
• HIGH7.5CVE-2025-0330LiteLLM Has a Leakage of Langfuse API Keys
  from 0, <= 1.52.1
• HIGH7.5CVE-2024-9606LiteLLM Reveals Portion of API Key via a Logging File
  from 0, < 1.44.12
• HIGH7.5CVE-2024-8984LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
  from 0, < 1.56.2
• HIGH7.5CVE-2024-10188LiteLLM Vulnerable to Denial of Service (DoS)
  from 0, < 1.53.1.dev1
• HIGH7.5CVE-2024-6587LiteLLM Server-Side Request Forgery (SSRF) vulnerability
  from 0, < 1.44.8
• HIGH7.2CVE-2024-4264litellm passes untrusted data to `eval` function without sanitization
  from 0, <= 1.28.11
• MEDIUM6.5CVE-2024-4888Arbitrary file deletion in litellm
  from 0, < 1.35.36
• MEDIUM6.4CVE-2024-5225SQL injection in litellm
  from 0, < 1.40.0
• MEDIUM5.3CVE-2024-5710litellm vulnerable to improper access control in team management
  from 0, < 1.40.15
• MEDIUM4.9CVE-2024-4890SQL injection in litellm
  from 0, <= 1.27.14
• —CVE-2026-42203LiteLLM: Server-Side Template Injection in /prompts/test endpoint
  >= 1.80.5, < 1.83.7
• —CVE-2026-35030LiteLLM: Authentication bypass via OIDC userinfo cache key collision
  from 0, < 1.83.0
• —CVE-2026-35029LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
  from 0, < 1.83.0