416 matches found
Remote Code Execution (RCE)
litellm is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of the 'postcallrules' configuration, allowing an attacker to specify a system method as a callback, leading to arbitrary command execution...
LiteLLM Resource Management Error Vulnerability
LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM has a resource management error vulnerability that stems from an insecure parsing of user input in ast.literaleval, which can be exploited by an attacker to cause a denial of service...
Denial Of Service (DoS)
litellm is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of multipart boundaries, allowing an attacker to append characters in HTTP requests, leading to excessive resource consumption and service unavailability...
Improper API Key Masking
LiteLLM is vulnerable to improper API key masking. The vulnerability is due to insufficient key redaction in the file litellmlogging.py, allowing an attacker to extract most of the API key and potentially gain unauthorized access to related systems or services...
CVE-2024-10188
A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service DoS by exploiting the use of ast.literaleval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...
CVE-2024-9606
In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...
CVE-2024-6825
BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'postcallrules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...
CVE-2024-8984
A Denial of Service DoS vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +198 more potentially affected by CVE-2025-0330 via litellm (>=1.0.0 <=1.65.4.post1)
litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.2.0, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.62.9 and more Source cves: CVE-2025-0330 Source advisory: SNYK:PYTHON-LITELLM-9511161...
Exposure of Sensitive Information Through Metadata
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata due to an issue in proxyserver.py. An attacker can obtain sensitive information, including API keys, by triggering error...
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +171 more potentially affected by CVE-2025-0628 via litellm (>=1.0.0 <=1.60.8)
litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.1.5, =1.1.1 and more Source cves: CVE-2025-0628 Source advisory: SNYK:PYTHON-LITELLM-9511164...
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +194 more potentially affected by CVE-2025-0628 via litellm (>=0.1.400 <=1.60.8)
litellm PYPI version =0.1.400, =0.0.1, =0.8.1, =0.14.1a0, =0.1.0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =0.1.0, =1.0.3, =0.2.0, =0.29.0, =0.59.1, =0.1.5, =1.1.1 and more Source cves: CVE-2025-0628 Source advisory: OSV:GHSA-FJCF-3J3R-78RP...
01os (>=0.0.1 <=0.0.13), agenta (>=0.14.1a0 <=0.14.7a1) +140 more potentially affected by CVE-2025-0330 via litellm (>=0.1.400 <=1.52.1)
litellm PYPI version =0.1.400, =0.0.1, =0.14.1a0, =0.0.5, =1.1.2, =0.0.4, =0.5.0, =1.0.3, =0.2.0, =0.29.0, =0.59.1, =0.1.5, =6.0.0, =6.0.1 - aios-core =0.1.0 and more Source cves: CVE-2025-0330 Source advisory: OSV:GHSA-879V-FGGM-VXW2...
LiteLLM Has an Improper Authorization Vulnerability
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
LiteLLM Has a Leakage of Langfuse API Keys
In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...
01os (>=0.0.1 <=0.0.13), agenta (>=0.14.1a0 <=0.14.7a1) +101 more potentially affected by CVE-2024-9606 via litellm (>=0.1.400 <=1.43.9)
litellm PYPI version =0.1.400, =0.0.1, =0.14.1a0, =0.0.5, =0.0.4, =1.0.3, =0.2.0, =0.29.0, =0.1.5, =0.1.0, =0.1.0, =0.0.1, =0.1.10 - bbook-maker =0.5.1 and more Source cves: CVE-2024-9606 Source advisory: OSV:GHSA-G5PG-73FC-HJWQ...
GHSA-G5PG-73FC-HJWQ LiteLLM Reveals Portion of API Key via a Logging File
In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...
LiteLLM Reveals Portion of API Key via a Logging File
In berriai/litellm before version 1.44.12, the litellm/litellmcoreutils/litellmlogging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +167 more potentially affected by CVE-2024-8984 via litellm (>=0.1.400 <=1.56.10)
litellm PYPI version =0.1.400, =0.0.1, =0.8.1, =0.14.1a0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =1.0.3, =0.2.0, =0.29.0, =0.59.1, =0.1.5, =1.1.1 - aigrok =0.2.1 - aijson-ml =0.1.1 and more Source cves: CVE-2024-8984 Source advisory: OSV:GHSA-FH2C-86XM-PM2X...
GHSA-FH2C-86XM-PM2X LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
A Denial of Service DoS vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...