MEDIUM 6.5 PyPI
GHSA-3xr8-qfvj-9p9j · CVE-2024-4888 Arbitrary file deletion in litellm
Modified: 11/4/2024
package
PyPI / litellm
pkg:pypi/litellm
CRITICAL 9.8 PyPI
GHSA-46cm-pfwv-cgf8 · CVE-2024-2952 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Modified: 4/11/2024
CRITICAL PyPI
GHSA-4xpc-pv4p-pm3w · CVE-2026-49468 LiteLLM: Authentication Bypass via Host Header Injection
Modified: 6/16/2026
HIGH 8.8 PyPI
GHSA-53gh-p8jc-7rg8 · CVE-2024-6825 LiteLLM Vulnerable to Remote Code Execution (RCE)
Modified: 10/16/2025
HIGH PyPI
GHSA-53mr-6c8q-9789 · CVE-2026-35029 LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
Modified: 5/6/2026
CRITICAL PyPI
GHSA-5mg7-485q-xm76 Two LiteLLM versions published containing credential harvesting malware
Modified: 3/27/2026
HIGH PyPI
GHSA-69x8-hrgq-fjj8 LiteLLM: Password hash exposure and pass-the-hash authentication bypass
Modified: 4/17/2026
HIGH 7.2 PyPI
GHSA-7ggm-4rjg-594w · CVE-2024-4264 litellm passes untrusted data to `eval` function without sanitization
Modified: 5/20/2024
HIGH 7.5 PyPI
GHSA-879v-fggm-vxw2 · CVE-2025-0330 LiteLLM Has a Leakage of Langfuse API Keys
Modified: 3/20/2025
MEDIUM 4.9 PyPI
GHSA-8j42-pcfm-3467 · CVE-2024-4890 SQL injection in litellm
Modified: 6/6/2024
HIGH 7.5 PyPI
GHSA-fh2c-86xm-pm2x · CVE-2024-8984 LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
Modified: 10/15/2025
HIGH 8.1 PyPI
GHSA-fjcf-3j3r-78rp · CVE-2025-0628 LiteLLM Has an Improper Authorization Vulnerability
Modified: 10/16/2025
HIGH 7.5 PyPI
GHSA-g26j-5385-hhw3 · CVE-2024-6587 LiteLLM Server-Side Request Forgery (SSRF) vulnerability
Modified: 9/13/2024
HIGH 7.5 PyPI
GHSA-g5pg-73fc-hjwq · CVE-2024-9606 LiteLLM Reveals Portion of API Key via a Logging File
Modified: 3/20/2025
CRITICAL 9.8 PyPI
GHSA-gppg-gqw8-wh9g · CVE-2024-5751 litellm vulnerable to remote code execution based on using eval unsafely
Modified: 6/28/2024
HIGH 7.5 PyPI
GHSA-gw2q-qw9j-rgv7 · CVE-2024-10188 LiteLLM Vulnerable to Denial of Service (DoS)
Modified: 3/20/2025
MEDIUM 6.4 PyPI
GHSA-h6m6-jj8v-94jj · CVE-2024-5225 SQL injection in litellm
Modified: 6/6/2024
CRITICAL PyPI
GHSA-jjhc-v7c2-5hh6 · CVE-2026-35030 LiteLLM: Authentication bypass via OIDC userinfo cache key collision
Modified: 4/8/2026
MEDIUM 5.3 PyPI
GHSA-qqcv-vg9f-5rr3 · CVE-2024-5710 litellm vulnerable to improper access control in team management
Modified: 10/15/2025
CRITICAL 9.8 PyPI
GHSA-r75f-5x8p-qvmc · CVE-2026-42208 LiteLLM has SQL Injection in Proxy API key verification
Modified: 5/12/2026
HIGH 8.8 PyPI
GHSA-v4p8-mg3p-g94g · CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints
Modified: 6/9/2026
HIGH 8.8 PyPI
GHSA-wxxx-gvqv-xp7p · CVE-2026-40217 LiteLLM has a sandbox escape in custom-code guardrail
Modified: 5/11/2026
HIGH PyPI
GHSA-xqmj-j6mv-4862 · CVE-2026-42203 LiteLLM: Server-Side Template Injection in /prompts/test endpoint
Modified: 5/12/2026
— PyPI
MAL-2026-2144 · PYSEC-2026-2 Malicious code in litellm (PyPI)
Modified: 3/26/2026
— PyPI
PYSEC-2026-2 · MAL-2026-2144 Two litellm versions published containing credential harvesting malware
Modified: 3/25/2026