Litellm
This hub aggregates every CVE we track for Litellm, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
20
CVEs tracked
4
Critical
13
High
2
In CISA KEV
Severity distribution
HIGH13CRITICAL4MEDIUM2LOW1
Monthly trend
0
1
0
0
0
0
0
6
0
0
0
1
0
0
1
0
0
0
0
0
1
5
1
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Litellm.
- CVE-2026-49468LiteLLM: Authentication Bypass via Host Header Injection9.8
- CVE-2026-47102LiteLLM < 1.83.10 Privilege Escalation via User Update8.8
- CVE-2026-47101LiteLLM < 1.83.14 Privilege Escalation via API Key Generation8.8
- CVE-2026-42208LiteLLM: SQL injection in Proxy API key verificationKEV9.8
- CVE-2026-42203LiteLLM: Server-Side Template Injection in /prompts/test endpoint8.8
- CVE-2026-42271LiteLLM: Authenticated command execution via MCP stdio test endpointsKEV8.8
- CVE-2026-40217LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.8.8
- CVE-2025-11203LiteLLM Information health API_KEY Information Disclosure Vulnerability3.5
- CVE-2025-45809SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.5.4
- CVE-2024-6825Remote Code Execution in BerriAI/litellm8.8
- CVE-2024-10188Denial of Service in BerriAI/litellm7.5
- CVE-2025-0628Improper Authorization in BerriAI/litellm8.1
- CVE-2025-0330Exposure of Sensitive Information in berriai/litellm7.5
- CVE-2024-9606Improper Output Neutralization for Logs in berriai/litellm7.5
- CVE-2024-8984Denial of Service (DoS) in berriai/litellm7.5
Product normalization is registry-driven with AI assist and human review. How it works