litellm vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

CVE-ID | Severity | Package summary
CVE-2026-49468 | Critical | litellm: LiteLLM: Authentication Bypass via Host Header Injection
CVE-2026-47102 | High | litellm: LiteLLM allows a user to modify their own user_role via the /user/update endpoint
CVE-2026-47101 | High | litellm: LiteLLM allows an authenticated internal_user to create API keys with access to routes that their…
CVE-2026-40217 | High | litellm: LiteLLM has a sandbox escape in custom-code guardrail
CVE-2026-42271 | High | litellm: LiteLLM: Authenticated command execution via MCP stdio test endpoints
CVE-2026-42208 | Critical | litellm: LiteLLM has SQL Injection in Proxy API key verification
CVE-2026-42203 | High | litellm: LiteLLM: Server-Side Template Injection in /prompts/test endpoint
GHSA-69X8-HRGQ-FJJ8 | High | litellm: LiteLLM: Password hash exposure and pass-the-hash authentication bypass
CVE-2026-35030 | Critical | litellm: LiteLLM: Authentication bypass via OIDC userinfo cache key collision
CVE-2026-35029 | High | litellm: LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
GHSA-5MG7-485Q-XM76 | Critical | litellm: Two LiteLLM versions published containing credential harvesting malware
CVE-2025-0330 | High | litellm: LiteLLM Has a Leakage of Langfuse API Keys
CVE-2025-0628 | High | litellm: LiteLLM Has an Improper Authorization Vulnerability
CVE-2024-9606 | High | litellm: LiteLLM Reveals Portion of API Key via a Logging File
CVE-2024-8984 | High | litellm: LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
CVE-2024-6825 | High | litellm: LiteLLM Vulnerable to Remote Code Execution (RCE)
CVE-2024-10188 | High | litellm: LiteLLM Vulnerable to Denial of Service (DoS)
CVE-2024-6587 | High | litellm: LiteLLM Server-Side Request Forgery (SSRF) vulnerability
CVE-2024-5710 | Medium | litellm: litellm vulnerable to improper access control in team management
CVE-2024-5751 | Critical | litellm: litellm vulnerable to remote code execution based on using eval unsafely
CVE-2024-5225 | Medium | litellm: SQL injection in litellm
CVE-2024-4890 | Medium | litellm: SQL injection in litellm
CVE-2024-4888 | High | litellm: Arbitrary file deletion in litellm
CVE-2024-4264 | High | litellm: litellm passes untrusted data to `eval` function without sanitization
CVE-2024-2952 | Critical | litellm: LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

Stop the waste.
Protect your environment with Kodem.