LiteLLM Vulnerabilities
pip LLM Inference
Risk Score: 79
Total CVEs: 20
Critical: 4
Ecosystem: pip
Last CVE: May 8, 2026
Patch Rate: 55%
Avg Time to Patch: 42d
47,242 stars
8,109 forks
3,117 issues
4 dependents
Last push May 17, 2026
OpenSSF Scorecard 6.1/10
Known Vulnerabilities (20 total, page 1 of 1)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| HIGH | CVE-2026-42271 | LiteLLM: RCE via MCP test endpoint command injection | 8.8 | May 8, 2026 |
| CRITICAL | CVE-2026-42208 | LiteLLM: SQL injection exposes LLM API credentials | 9.8 | May 8, 2026 |
| HIGH | CVE-2026-42203 | LiteLLM: SSTI in prompt template endpoint enables RCE | 8.8 | May 8, 2026 |
| HIGH | GHSA-v4p8-mg3p-g94g | litellm: RCE via MCP test endpoints privilege bypass | -- | Apr 25, 2026 |
| HIGH | GHSA-xqmj-j6mv-4862 | LiteLLM: RCE via unsandboxed prompt template rendering | -- | Apr 24, 2026 |
| CRITICAL | GHSA-r75f-5x8p-qvmc | litellm: SQLi exposes all managed LLM API credentials | -- | Apr 24, 2026 |
| HIGH | CVE-2026-40217 | LiteLLM: RCE via bytecode rewriting in guardrails API | 8.8 | Apr 10, 2026 |
| HIGH | GHSA-69x8-hrgq-fjj8 | LiteLLM: auth bypass chain enables full privilege escalation | -- | Apr 8, 2026 |
| UNKNOWN | CVE-2026-35029 | LiteLLM: auth bypass allows RCE and full takeover | -- | Apr 3, 2026 |
| CRITICAL | CVE-2026-35030 | LiteLLM: auth bypass via JWT cache key collision | 9.1 | Apr 3, 2026 |
| CRITICAL | GHSA-5mg7-485q-xm76 | litellm: supply chain attack harvests AI API credentials | -- | Mar 25, 2026 |
| HIGH | CVE-2024-6825 | LiteLLM: RCE via post_call_rules callback injection | 8.8 | Mar 20, 2025 |
| HIGH | CVE-2025-0330 | LiteLLM: Langfuse API key leak via error handling | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2025-0628 | litellm: privilege escalation viewer→proxy admin via bad API key | 8.1 | Mar 20, 2025 |
| HIGH | CVE-2024-9606 | LiteLLM: API key leakage in logs exposes credentials | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-8984 | litellm: unauthenticated DoS via multipart boundary parsing | 7.5 | Mar 20, 2025 |
| MEDIUM | CVE-2025-45809 | LiteLLM: SQL injection in key management API | 5.4 | Jul 3, 2025 |
| HIGH | CVE-2024-10188 | litellm: unauthenticated DoS crashes LLM proxy server | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-6587 | LiteLLM: SSRF leaks OpenAI API key to attacker | 7.5 | Sep 13, 2024 |
| HIGH | CVE-2024-4888 | litellm: arbitrary file deletion via audio endpoint | 8.1 | Jun 6, 2024 |