51 matches found
CVE-2026-47102
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin...
Exploit for SQL Injection in Litellm
Threat Intelligence Brief - CVE-2026-42208: BerriAI LiteLLM SQ...
CVE-2026-41168 vulnerabilities
Vulnerabilities for packages: nemo, open-webui, litellm...
0xpwn (>=0.1.0 <=0.1.1), a-mem (>=0.1.0 <=0.2.6) +2369 more potentially affected by CVE-2026-42208 via litellm (>=1.81.16 <=1.83.4)
litellm PYPI version =1.81.16, =0.1.0, =0.1.0, =0.3.0, =0.1.3, =0.0.4, =0.1.0, =0.0.1a0, =0.2.2, =0.2.1, =0.2.0, =0.6.1 - acatome-mcp =0.2.1 - acceldata-aio-tracer =0.1.0.dev1 and more Source cves: CVE-2026-42208 Source advisory: OSV:GHSA-R75F-5X8P-QVMC...
0xpwn (>=0.1.0 <=0.1.1), a-mem (>=0.1.0 <=0.2.6) +2369 more potentially affected by CVE-2026-42208 via litellm (>=1.81.16 <=1.83.4)
litellm PYPI version =1.81.16, =0.1.0, =0.1.0, =0.3.0, =0.1.3, =0.0.4, =0.1.0, =0.0.1a0, =0.2.2, =0.2.1, =0.2.0, =0.6.1 - acatome-mcp =0.2.1 - acceldata-aio-tracer =0.1.0.dev1 and more Source cves: CVE-2026-42208 Source advisory: SNYK:PYTHON-LITELLM-16300164...
0xpwn (>=0.1.0 <=0.1.1), a-mem (>=0.1.0 <=0.2.6) +2376 more potentially affected by CVE-2026-42203 via litellm (>=1.80.5 <=1.83.4)
litellm PYPI version =1.80.5, =0.1.0, =0.1.0, =0.3.0, =0.1.3, =0.0.4, =0.1.0, =0.0.1a0, =0.2.2, =0.2.1, =0.2.0, =0.6.1 - acatome-mcp =0.2.1 - acceldata-aio-tracer =0.1.0.dev1 and more Source cves: CVE-2026-42203 Source advisory: OSV:GHSA-XQMJ-J6MV-4862...
01os (=0.0.14), 0xpwn (>=0.1.0 <=0.1.1) +2658 more potentially affected by CVE-2026-42271 via litellm (>=1.74.3 <=1.83.4)
litellm PYPI version =1.74.3, =0.1.0, =0.1.0, =0.3.0, =0.1.3, =0.0.4, =0.1.0, =0.0.1a0, =0.3.5, =0.2.2, =0.2.1, =0.2.0, =0.6.1 - acatome-mcp =0.2.1 and more Source cves: CVE-2026-42271 Source advisory: SNYK:PYTHON-LITELLM-16119122...
01os (>=0.0.1 <=0.0.14), 0xpwn (>=0.1.0 <=0.1.1) +2833 more potentially affected by CVE-2026-40217 via litellm (>=1.0.0 <=1.83.8)
litellm PYPI version =1.0.0, =0.0.1, =0.1.0, =0.1.0, =0.3.0, =0.1.3, =0.0.4, =0.1.0, =0.0.1a0, =0.3.5, =0.2.2, =0.2.1, =0.2.0, =0.6.1 - acatome-mcp =0.2.1 and more Source cves: CVE-2026-40217 Source advisory: SNYK:PYTHON-LITELLM-16049285...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +774 more potentially affected by CVE-2026-35030 via litellm (>=0.11.1 <=1.82.6)
litellm PYPI version =0.11.1, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.4.0, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: CVE-2026-35030 Source advisory: OSV:GHSA-JJHC-V7C2-5HH6...
0xpwn (=0.1.1), a2a-acl (=0.0.14) +168 more potentially affected by CVE-2026-35030 via litellm (>=1.80.9 <=1.82.6)
litellm PYPI version =1.80.9, =0.0.1a0, =0.7.3, =0.1.46, =0.4.0, =0.0.1, =0.1.14.13, =0.5.2, =0.1.0, =2.0.0, =2.0.1 and more Source cves: CVE-2026-35030 Source advisory: SNYK:PYTHON-LITELLM-15907831...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +753 more potentially affected by CVE-2026-35029 via litellm (>=1.0.0 <=1.82.6)
litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.4.0, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: CVE-2026-35029 Source advisory: SNYK:PYTHON-LITELLM-15907616...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +774 more potentially affected by CVE-2026-35029 via litellm (>=0.11.1 <=1.82.6)
litellm PYPI version =0.11.1, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.4.0, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: CVE-2026-35029 Source advisory: OSV:GHSA-53MR-6C8Q-9789...
01os (>=0.0.1 <=0.0.14), a2a-acl (=0.0.14) +660 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.82.3)
litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.1.0, =0.1.1 - agent-toolkit =0.1.9 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15870298...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +753 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.82.6)
litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.4.0, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-2144...
01os (>=0.0.1 <=0.0.14), 0xpwn (>=0.1.0 <=0.1.1) +2852 more potentially affected by unknown CVE via litellm (>=0.11.1 <=1.85.0.dev2)
litellm PYPI version =0.11.1, =0.0.1, =0.1.0, =0.1.0, =0.3.0, =0.1.3, =0.0.4, =0.1.0, =0.0.1a0, =0.3.5, =0.2.2, =0.2.1, =0.2.0, =0.6.1 - acatome-mcp =0.2.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15762713...
01os (>=0.0.1 <=0.0.14), aaf (>=0.3.5 <=0.3.9) +604 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.80.11)
litellm PYPI version =1.0.0, =0.0.1, =0.3.5, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.1.0, =0.14.1a0, =0.4.1, =0.5.3 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15170825...
01os (>=0.0.1 <=0.0.14), advanced-research (>=0.1.0 <=0.2.2) +419 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.77.5)
litellm PYPI version =1.0.0, =0.0.1, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.14.1a0, =0.1.0, =0.0.5, =0.3.1, =1.1.2, =1.4.3, =0.0.1, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-13803705...
01os (>=0.0.1 <=0.0.14), advanced-research (>=0.1.0 <=0.2.2) +419 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.77.5)
litellm PYPI version =1.0.0, =0.0.1, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.14.1a0, =0.1.0, =0.0.5, =0.3.1, =1.1.2, =1.4.3, =0.0.1, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-13803635...
LiteLLM Information Disclosure Vulnerability
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from an information disclosure vulnerability that stems from exposing sensitive information when handling the health endpoint APIKEY parameter, which could lead to credential...
EUVD-2025-6882
Malicious code in bioql PyPI...