Vulnerabilities > Litellm
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-09-13 | CVE-2024-6587 | Server-Side Request Forgery (SSRF) vulnerability in Litellm 1.38.10 | A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. | 7.5 |
2024-06-27 | CVE-2024-5710 | Unspecified vulnerability in Litellm 1.34.34 | berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. | 6.5 |
2024-06-27 | CVE-2024-5751 | Code Injection vulnerability in Litellm 1.35.8 | BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. | 9.8 |
2024-06-06 | CVE-2024-4888 | Missing Authorization vulnerability in Litellm | BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. | 8.1 |
2024-06-06 | CVE-2024-4890 | SQL Injection vulnerability in Litellm 1.27.14 | A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. | 4.9 |
2024-06-06 | CVE-2024-5225 | SQL Injection vulnerability in Litellm | An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. | 7.2 |
2024-06-06 | CVE-2024-4889 | Code Injection vulnerability in Litellm | A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. | 7.2 |