LiteLLM (Python) – Support, CVEs & Health

GHSA-3xr8-qfvj-9p9j CVSS_V3

Arbitrary file deletion in litellm

Published: 2024-06-06 Fixed in: 1.35.36

GHSA-46cm-pfwv-cgf8 CVSS_V3

LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint

Published: 2024-04-10 Fixed in: 1.34.42

GHSA-53gh-p8jc-7rg8 CVSS_V3

LiteLLM Vulnerable to Remote Code Execution (RCE)

Published: 2025-03-20 No fix available

GHSA-53mr-6c8q-9789 CVSS_V4

LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

Published: 2026-04-03 Fixed in: 1.83.0

GHSA-5mg7-485q-xm76 Unknown

Two LiteLLM versions published containing credential harvesting malware

Published: 2026-03-25 No fix available

GHSA-69x8-hrgq-fjj8 CVSS_V4

LiteLLM: Password hash exposure and pass-the-hash authentication bypass

Published: 2026-04-08 Fixed in: 1.83.0

GHSA-7ggm-4rjg-594w CVSS_V3

litellm passes untrusted data to `eval` function without sanitization

Published: 2024-05-18 No fix available

GHSA-879v-fggm-vxw2 CVSS_V3

LiteLLM Has a Leakage of Langfuse API Keys

Published: 2025-03-20 No fix available

GHSA-8j42-pcfm-3467 CVSS_V3

SQL injection in litellm

Published: 2024-06-06 No fix available

GHSA-fh2c-86xm-pm2x CVSS_V3

LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request

Published: 2025-03-20 Fixed in: 1.56.2

LiteLLM