Vulnerabilities > Litellm > Litellm > 1.42.7

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-9606 Improper Output Neutralization for Logs vulnerability in Litellm
In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key.
network
low complexity
litellm CWE-117
7.5
7.5
2024-06-06 CVE-2024-4889 Unspecified vulnerability in Litellm
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system.
network
low complexity
litellm
7.2
7.2