| CVE-2026-42208 |
critical |
9.8 |
10.0 |
|
|
|
27d ago |
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the cr… |
| CVE-2026-42271 |
high |
8.8 |
8.8 |
|
|
|
27d ago |
LiteLLM: Authenticated command execution via MCP stdio test endpoints |
| CVE-2026-42203 |
high |
8.8 |
8.8 |
|
|
|
27d ago |
LiteLLM: Server-Side Template Injection in /prompts/test endpoint |
| CVE-2026-40217 |
high |
8.8 |
8.8 |
|
|
|
2mo ago |
LiteLLM has a sandbox escape in custom-code guardrail |
| CVE-2026-35029 |
high |
8.8 |
8.8 |
|
|
|
2mo ago |
LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint |
| CVE-2026-35030 |
unknown |
— |
— |
|
|
|
2mo ago |
LiteLLM: Authentication bypass via OIDC userinfo cache key collision |
| CVE-2025-0330 |
unknown |
— |
— |
|
|
|
1y ago |
LiteLLM Has a Leakage of Langfuse API Keys |
| CVE-2025-0628 |
unknown |
— |
— |
|
|
|
1y ago |
LiteLLM Has an Improper Authorization Vulnerability |
| CVE-2024-9606 |
unknown |
— |
— |
|
|
|
1y ago |
LiteLLM Reveals Portion of API Key via a Logging File |
| CVE-2024-8984 |
unknown |
— |
— |
|
|
|
1y ago |
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request |
| CVE-2024-6825 |
unknown |
— |
— |
|
|
|
1y ago |
LiteLLM Vulnerable to Remote Code Execution (RCE) |
| CVE-2024-10188 |
unknown |
— |
— |
|
|
|
1y ago |
LiteLLM Vulnerable to Denial of Service (DoS) |
| CVE-2024-6587 |
unknown |
— |
— |
|
|
|
2y ago |
LiteLLM Server-Side Request Forgery (SSRF) vulnerability |
| CVE-2024-5751 |
unknown |
— |
— |
|
|
|
2y ago |
litellm vulnerable to remote code execution based on using eval unsafely |
| CVE-2024-5710 |
unknown |
— |
— |
|
|
|
2y ago |
litellm vulnerable to improper access control in team management |
| CVE-2024-5225 |
unknown |
— |
— |
|
|
|
2y ago |
SQL injection in litellm |
| CVE-2024-4890 |
unknown |
— |
— |
|
|
|
2y ago |
SQL injection in litellm |
| CVE-2024-4888 |
unknown |
— |
— |
|
|
|
2y ago |
Arbitrary file deletion in litellm |
| CVE-2024-4264 |
unknown |
— |
— |
|
|
|
2y ago |
litellm passes untrusted data to `eval` function without sanitization |
| CVE-2024-2952 |
unknown |
— |
— |
|
|
|
2y ago |
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint |
