📦 Litellm
by Litellm
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows remote code execution in BerriAI/litellm when an attacker sends a malicious payload to the /config/update endpoint. The vulnerability occurs when environment variables are im...
This vulnerability in berriai/litellm's proxy server leaks Langfuse API keys when team settings parsing fails, exposing sensitive credentials. Attackers gaining these keys can access the Langfuse proj...
This vulnerability in berriai/litellm's logging function only masks the first 5 characters of API keys, exposing nearly the entire secret key in application logs. Any system running affected versions ...
This vulnerability allows unauthenticated attackers to cause a Denial of Service (DoS) by sending specially crafted HTTP requests with appended characters in multipart boundaries, leading to excessive...
This vulnerability in BerriAI/litellm allows remote code execution by exploiting improper input validation in the 'post_call_rules' configuration. Attackers can inject system commands that execute whe...
This SSRF vulnerability in berriai/litellm allows attackers to redirect API requests to malicious servers, exposing OpenAI API keys. Any application using the vulnerable version of litellm with user-c...
An SQL injection vulnerability in the berriai/litellm repository allows attackers to execute arbitrary SQL commands via the /global/spend/logs endpoint by manipulating the api_key parameter. This affe...
A blind SQL injection vulnerability in berriai/litellm's '/team/update' endpoint allows attackers to inject malicious SQL through the 'user_id' parameter. This could lead to unauthorized access to sen...