Vulnerabilities > Litellm > Litellm > 1.34.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-20 | CVE-2024-9606 | Improper Output Neutralization for Logs vulnerability in Litellm. In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. | 7.5 |
2024-06-06 | CVE-2024-4888 | Unspecified vulnerability in Litellm. BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. | 8.1 |
2024-06-06 | CVE-2024-5225 | Unspecified vulnerability in Litellm. An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. | 7.2 |
2024-06-06 | CVE-2024-4889 | Unspecified vulnerability in Litellm. A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. | 7.2 |