Litellm
AI Threat Alert tracks 5 known AI/ML vulnerabilities affecting Litellm products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Litellm CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-6587 | LiteLLM: SSRF leaks OpenAI API key to attacker | litellm | 7.5 |
| HIGH | CVE-2024-4888 | litellm: arbitrary file deletion via audio endpoint | litellm | 8.1 |
| MEDIUM | CVE-2025-45809 | LiteLLM: SQL injection in key management API | litellm | 5.4 |
| CRITICAL | CVE-2026-42208 | LiteLLM: SQL injection exposes LLM API credentials | litellm | 9.8 |
| HIGH | CVE-2026-42271 | LiteLLM: RCE via MCP test endpoint command injection | litellm | 8.8 |
Frequently asked questions
How many known vulnerabilities affect Litellm?
5 AI/ML CVEs affecting Litellm products are tracked, sourced from NVD and GitHub Advisory.
What Litellm products are affected?
The CVEs below map to the Litellm AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Litellm vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Litellm for new vulnerabilities?
AI Threat Alert tracks Litellm continuously; a Pro subscription adds breaking alerts when new CVEs affecting Litellm are published.
How do I assess Litellm's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Litellm issues first and judge the exposure for your stack.