Package impact

PyPI / litellm

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-42208	critical	9.8	10.0	20d ago	LiteLLM has SQL Injection in Proxy API key verification
CVE-2026-42271	high	8.8	8.8	20d ago	LiteLLM: Authenticated command execution via MCP stdio test endpoints
CVE-2026-42203	high	8.8	8.8	20d ago	LiteLLM: Server-Side Template Injection in /prompts/test endpoint
CVE-2026-40217	high	8.8	8.8	2mo ago	LiteLLM has a sandbox escape in custom-code guardrail
CVE-2026-35029	high	8.8	8.8	2mo ago	LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
CVE-2026-35030	unknown	—	—	2mo ago	LiteLLM: Authentication bypass via OIDC userinfo cache key collision
CVE-2025-0330	unknown	—	—	1y ago	LiteLLM Has a Leakage of Langfuse API Keys
CVE-2025-0628	unknown	—	—	1y ago	LiteLLM Has an Improper Authorization Vulnerability
CVE-2024-9606	unknown	—	—	1y ago	LiteLLM Reveals Portion of API Key via a Logging File
CVE-2024-8984	unknown	—	—	1y ago	LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
CVE-2024-6825	unknown	—	—	1y ago	LiteLLM Vulnerable to Remote Code Execution (RCE)
CVE-2024-10188	unknown	—	—	1y ago	LiteLLM Vulnerable to Denial of Service (DoS)
CVE-2024-6587	unknown	—	—	2y ago	LiteLLM Server-Side Request Forgery (SSRF) vulnerability
CVE-2024-5751	unknown	—	—	2y ago	litellm vulnerable to remote code execution based on using eval unsafely
CVE-2024-5710	unknown	—	—	2y ago	litellm vulnerable to improper access control in team management
CVE-2024-5225	unknown	—	—	2y ago	SQL injection in litellm
CVE-2024-4890	unknown	—	—	2y ago	SQL injection in litellm
CVE-2024-4888	unknown	—	—	2y ago	Arbitrary file deletion in litellm
CVE-2024-4264	unknown	—	—	2y ago	litellm passes untrusted data to `eval` function without sanitization
CVE-2024-2952	unknown	—	—	2y ago	LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint