CRITICAL 9.8 CVE-2026-42208 ⚠ KEV LiteLLM has SQL Injection in Proxy API key verification
>= 1.81.16, < 1.83.7
HIGH 8.8 CVE-2026-42271 ⚠ KEV LiteLLM: Authenticated command execution via MCP stdio test endpoints
>= 1.74.2, < 1.83.7
CRITICAL 9.8 litellm vulnerable to remote code execution based on using eval unsafely
from 0, < 1.40.16
CRITICAL 9.8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
from 0, < 1.34.42
HIGH 8.8 LiteLLM has a sandbox escape in custom-code guardrail
>= 1.81.8, < 1.83.10
HIGH 8.8 LiteLLM Vulnerable to Remote Code Execution (RCE)
>= 1.40.3.dev2, <= 1.40.12
HIGH 8.1 LiteLLM Has an Improper Authorization Vulnerability
from 0, < 1.61.15
HIGH 7.5 LiteLLM Has a Leakage of Langfuse API Keys
from 0, <= 1.52.1
HIGH 7.5 LiteLLM Reveals Portion of API Key via a Logging File
from 0, < 1.44.12
HIGH 7.5 LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
from 0, < 1.56.2
HIGH 7.5 LiteLLM Vulnerable to Denial of Service (DoS)
from 0, < 1.53.1.dev1
HIGH 7.5 LiteLLM Server-Side Request Forgery (SSRF) vulnerability
from 0, < 1.44.8
HIGH 7.2 litellm passes untrusted data to `eval` function without sanitization
from 0, <= 1.28.11
MEDIUM 6.5 Arbitrary file deletion in litellm
from 0, < 1.35.36
MEDIUM 6.4 SQL injection in litellm
from 0, < 1.40.0
MEDIUM 5.3 litellm vulnerable to improper access control in team management
from 0, < 1.40.15
MEDIUM 4.9 SQL injection in litellm
from 0, <= 1.27.14
— LiteLLM: Server-Side Template Injection in /prompts/test endpoint
>= 1.80.5, < 1.83.7
— LiteLLM: Authentication bypass via OIDC userinfo cache key collision
from 0, < 1.83.0
— LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
from 0, < 1.83.0