Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/680221?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/680221?format=api", "purl": "pkg:pypi/litellm@0.1.639", "type": "pypi", "namespace": "", "name": "litellm", "version": "0.1.639", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.61.15", "latest_non_vulnerable_version": "1.83.10", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/277354?format=api", "vulnerability_id": "VCID-1bck-72ae-wfcm", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43339", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9606" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/berriai/litellm/commit/9094071c4782183e84f10630e2450be3db55509a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/berriai/litellm/commit/9094071c4782183e84f10630e2450be3db55509a" }, { "reference_url": "https://huntr.com/bounties/4a03796f-a8d4-4293-84ef-d3959456223a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/4a03796f-a8d4-4293-84ef-d3959456223a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9606", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9606" }, { "reference_url": "https://github.com/advisories/GHSA-g5pg-73fc-hjwq", "reference_id": "GHSA-g5pg-73fc-hjwq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g5pg-73fc-hjwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195108?format=api", "purl": "pkg:pypi/litellm@1.44.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.44.12" } ], "aliases": [ "CVE-2024-9606", "GHSA-g5pg-73fc-hjwq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bck-72ae-wfcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273778?format=api", "vulnerability_id": "VCID-a5y6-f7xv-43gk", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24054", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5710" }, { "reference_url": "https://github.com/berriai/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/berriai/litellm" }, { "reference_url": "https://github.com/BerriAI/litellm/blob/224148d6133ee50801cb129cbd21ccc213992e25/litellm/proxy/auth/user_api_key_auth.py#L1020", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/blob/224148d6133ee50801cb129cbd21ccc213992e25/litellm/proxy/auth/user_api_key_auth.py#L1020" }, { "reference_url": "https://github.com/BerriAI/litellm/commit/da3ae00bd68f451ed8ddf0bc0a9fd34bde5554d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/commit/da3ae00bd68f451ed8ddf0bc0a9fd34bde5554d6" }, { "reference_url": "https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-27T19:53:47Z/" } ], "url": "https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5710", "reference_id": "CVE-2024-5710", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5710" }, { "reference_url": "https://github.com/advisories/GHSA-qqcv-vg9f-5rr3", "reference_id": "GHSA-qqcv-vg9f-5rr3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqcv-vg9f-5rr3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81860?format=api", "purl": "pkg:pypi/litellm@1.40.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-a5y6-f7xv-43gk" }, { "vulnerability": "VCID-cwhb-pzcz-yfeq" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-nst5-3xsy-qbgk" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.40.15" } ], "aliases": [ "CVE-2024-5710", "GHSA-qqcv-vg9f-5rr3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5y6-f7xv-43gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268092?format=api", "vulnerability_id": "VCID-cnnd-frah-5yh5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18172", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4888" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/BerriAI/litellm/pull/3193", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/pull/3193" }, { "reference_url": "https://huntr.com/bounties/48461d89-cf13-4ad3-a43e-0d37da08fc6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:29:54Z/" } ], "url": "https://huntr.com/bounties/48461d89-cf13-4ad3-a43e-0d37da08fc6c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4888", "reference_id": "CVE-2024-4888", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4888" }, { "reference_url": "https://github.com/advisories/GHSA-3xr8-qfvj-9p9j", "reference_id": "GHSA-3xr8-qfvj-9p9j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3xr8-qfvj-9p9j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81683?format=api", "purl": "pkg:pypi/litellm@1.35.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-a5y6-f7xv-43gk" }, { "vulnerability": "VCID-cwhb-pzcz-yfeq" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-j6rg-j1zw-hkbx" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-nst5-3xsy-qbgk" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.35.36" } ], "aliases": [ "CVE-2024-4888", "GHSA-3xr8-qfvj-9p9j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnnd-frah-5yh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273814?format=api", "vulnerability_id": "VCID-cwhb-pzcz-yfeq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05359", "scoring_system": "epss", "scoring_elements": "0.90223", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5751" }, { "reference_url": "https://github.com/berriai/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/berriai/litellm" }, { "reference_url": "https://github.com/BerriAI/litellm/commit/fcea4c22ad96b24436f196ae709f71932e84b0b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/commit/fcea4c22ad96b24436f196ae709f71932e84b0b8" }, { "reference_url": "https://github.com/BerriAI/litellm/pull/4228", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/pull/4228" }, { "reference_url": "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-27T20:20:04Z/" } ], "url": "https://huntr.com/bounties/ae623c2f-b64b-4245-9ed4-f13a0a5824ce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5751", "reference_id": "CVE-2024-5751", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5751" }, { "reference_url": "https://github.com/advisories/GHSA-gppg-gqw8-wh9g", "reference_id": "GHSA-gppg-gqw8-wh9g", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gppg-gqw8-wh9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81863?format=api", "purl": "pkg:pypi/litellm@1.40.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-a5y6-f7xv-43gk" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-nst5-3xsy-qbgk" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.40.16" } ], "aliases": [ "CVE-2024-5751", "GHSA-gppg-gqw8-wh9g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwhb-pzcz-yfeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267520?format=api", "vulnerability_id": "VCID-ec9c-md1f-m7gx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03284", "scoring_system": "epss", "scoring_elements": "0.87407", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4264" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/BerriAI/litellm/blob/main/litellm/proxy/proxy_server.py#L2104-L2108", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/blob/main/litellm/proxy/proxy_server.py#L2104-L2108" }, { "reference_url": "https://github.com/BerriAI/litellm/blob/main/litellm/proxy/proxy_server.py#L2118", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/blob/main/litellm/proxy/proxy_server.py#L2118" }, { "reference_url": "https://github.com/BerriAI/litellm/blob/main/litellm/proxy/proxy_server.py#L2509-L2517", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/blob/main/litellm/proxy/proxy_server.py#L2509-L2517" }, { "reference_url": "https://github.com/BerriAI/litellm/blob/main/litellm/proxy/proxy_server.py#L2562-L2577", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/blob/main/litellm/proxy/proxy_server.py#L2562-L2577" }, { "reference_url": "https://github.com/BerriAI/litellm/blob/main/litellm/utils.py#L9867-L9885", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/blob/main/litellm/utils.py#L9867-L9885" }, { "reference_url": "https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-08-05T19:26:40Z/" } ], "url": "https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4264", "reference_id": "CVE-2024-4264", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4264" }, { "reference_url": "https://github.com/advisories/GHSA-7ggm-4rjg-594w", "reference_id": "GHSA-7ggm-4rjg-594w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7ggm-4rjg-594w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/680620?format=api", "purl": "pkg:pypi/litellm@1.28.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-a5y6-f7xv-43gk" }, { "vulnerability": "VCID-cnnd-frah-5yh5" }, { "vulnerability": "VCID-cwhb-pzcz-yfeq" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-j6rg-j1zw-hkbx" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-nst5-3xsy-qbgk" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" }, { "vulnerability": "VCID-w3wh-mjtz-jbdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.28.13" } ], "aliases": [ "CVE-2024-4264", "GHSA-7ggm-4rjg-594w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ec9c-md1f-m7gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/277980?format=api", "vulnerability_id": "VCID-fvh1-8bnc-hqcz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58996", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0330" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:53:38Z/" } ], "url": "https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0330", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0330" }, { "reference_url": "https://github.com/advisories/GHSA-879v-fggm-vxw2", "reference_id": "GHSA-879v-fggm-vxw2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-879v-fggm-vxw2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/759481?format=api", "purl": "pkg:pypi/litellm@1.52.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.52.2" } ], "aliases": [ "CVE-2025-0330", "GHSA-879v-fggm-vxw2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvh1-8bnc-hqcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268094?format=api", "vulnerability_id": "VCID-j1mh-vg1z-suda", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20404", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4890" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/BerriAI/litellm/pull/2954", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/pull/2954" }, { "reference_url": "https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:35:28Z/" } ], "url": "https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4890", "reference_id": "CVE-2024-4890", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4890" }, { "reference_url": "https://github.com/advisories/GHSA-8j42-pcfm-3467", "reference_id": "GHSA-8j42-pcfm-3467", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8j42-pcfm-3467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/680613?format=api", "purl": "pkg:pypi/litellm@1.27.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-a5y6-f7xv-43gk" }, { "vulnerability": "VCID-cnnd-frah-5yh5" }, { "vulnerability": "VCID-cwhb-pzcz-yfeq" }, { "vulnerability": "VCID-ec9c-md1f-m7gx" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-j6rg-j1zw-hkbx" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-nst5-3xsy-qbgk" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" }, { "vulnerability": "VCID-w3wh-mjtz-jbdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.27.15" } ], "aliases": [ "CVE-2024-4890", "GHSA-8j42-pcfm-3467" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1mh-vg1z-suda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/273324?format=api", "vulnerability_id": "VCID-j6rg-j1zw-hkbx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47732", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5225" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/BerriAI/litellm/commit/f75c15d6cd535aa78014378ad532de1df6be2f56", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/commit/f75c15d6cd535aa78014378ad532de1df6be2f56" }, { "reference_url": "https://github.com/BerriAI/litellm/pull/3940", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/pull/3940" }, { "reference_url": "https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-06T20:15:02Z/" } ], "url": "https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5225", "reference_id": "CVE-2024-5225", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5225" }, { "reference_url": "https://github.com/advisories/GHSA-h6m6-jj8v-94jj", "reference_id": "GHSA-h6m6-jj8v-94jj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6m6-jj8v-94jj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81680?format=api", "purl": "pkg:pypi/litellm@1.40.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-a5y6-f7xv-43gk" }, { "vulnerability": "VCID-cwhb-pzcz-yfeq" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-nst5-3xsy-qbgk" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.40.0" } ], "aliases": [ "CVE-2024-5225", "GHSA-h6m6-jj8v-94jj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6rg-j1zw-hkbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278242?format=api", "vulnerability_id": "VCID-md8m-rdpu-dbe4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50917", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0628" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:49:22Z/" } ], "url": "https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b" }, { "reference_url": "https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:49:22Z/" } ], "url": "https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0628", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0628" }, { "reference_url": "https://github.com/advisories/GHSA-fjcf-3j3r-78rp", "reference_id": "GHSA-fjcf-3j3r-78rp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fjcf-3j3r-78rp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195175?format=api", "purl": "pkg:pypi/litellm@1.61.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.61.15" } ], "aliases": [ "CVE-2025-0628", "GHSA-fjcf-3j3r-78rp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-md8m-rdpu-dbe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/274571?format=api", "vulnerability_id": "VCID-nst5-3xsy-qbgk", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88631", "scoring_system": "epss", "scoring_elements": "0.99523", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6587" }, { "reference_url": "https://github.com/berriai/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/berriai/litellm" }, { "reference_url": "https://github.com/berriai/litellm/commit/ba1912afd1b19e38d3704bb156adf887f91ae1e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T16:52:13Z/" } ], "url": "https://github.com/berriai/litellm/commit/ba1912afd1b19e38d3704bb156adf887f91ae1e0" }, { "reference_url": "https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T16:52:13Z/" } ], "url": "https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6587", "reference_id": "CVE-2024-6587", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6587" }, { "reference_url": "https://github.com/advisories/GHSA-g26j-5385-hhw3", "reference_id": "GHSA-g26j-5385-hhw3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g26j-5385-hhw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82773?format=api", "purl": "pkg:pypi/litellm@1.44.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.44.8" } ], "aliases": [ "CVE-2024-6587", "GHSA-g26j-5385-hhw3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nst5-3xsy-qbgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/276791?format=api", "vulnerability_id": "VCID-pmft-nzj7-n3ee", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00641", "scoring_system": "epss", "scoring_elements": "0.7091", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8984" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/BerriAI/litellm/blob/8c5ff150f6142608ffe968e4e68429f978fda187/litellm/tests/test_spend_logs.py#L242", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/blob/8c5ff150f6142608ffe968e4e68429f978fda187/litellm/tests/test_spend_logs.py#L242" }, { "reference_url": "https://github.com/BerriAI/litellm/commit/4f49f836aa844ac9b6bfbeff27e6f6b2b9cf3f61", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/commit/4f49f836aa844ac9b6bfbeff27e6f6b2b9cf3f61" }, { "reference_url": "https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:05Z/" } ], "url": "https://huntr.com/bounties/554fc76b-3097-4223-b4cf-110b853e9355" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8984", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8984" }, { "reference_url": "https://github.com/advisories/GHSA-fh2c-86xm-pm2x", "reference_id": "GHSA-fh2c-86xm-pm2x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fh2c-86xm-pm2x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195217?format=api", "purl": "pkg:pypi/litellm@1.56.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-md8m-rdpu-dbe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.56.2" } ], "aliases": [ "CVE-2024-8984", "GHSA-fh2c-86xm-pm2x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmft-nzj7-n3ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/241388?format=api", "vulnerability_id": "VCID-r97y-74wy-8fbb", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50645", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10188" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/berriai/litellm/commit/21156ff5d0d84a7dd93f951ca033275c77e4f73c" }, { "reference_url": "https://huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10188", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10188" }, { "reference_url": "https://github.com/advisories/GHSA-gw2q-qw9j-rgv7", "reference_id": "GHSA-gw2q-qw9j-rgv7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gw2q-qw9j-rgv7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195083?format=api", "purl": "pkg:pypi/litellm@1.53.1.dev1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.53.1.dev1" } ], "aliases": [ "CVE-2024-10188", "GHSA-gw2q-qw9j-rgv7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r97y-74wy-8fbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19850?format=api", "vulnerability_id": "VCID-w3wh-mjtz-jbdb", "summary": "LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint\nBerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01434", "scoring_system": "epss", "scoring_elements": "0.80999", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2952" }, { "reference_url": "https://github.com/BerriAI/litellm", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm" }, { "reference_url": "https://github.com/BerriAI/litellm/blob/0d803e13798db40aa7463e64a6bafaee386424f5/litellm/proxy/proxy_server.py#L2087", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/blob/0d803e13798db40aa7463e64a6bafaee386424f5/litellm/proxy/proxy_server.py#L2087" }, { "reference_url": "https://github.com/BerriAI/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3" }, { "reference_url": "https://github.com/BerriAI/litellm/issues/2949", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/issues/2949" }, { "reference_url": "https://github.com/BerriAI/litellm/pull/2941", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/BerriAI/litellm/pull/2941" }, { "reference_url": "https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-03T15:32:17Z/" } ], "url": "https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4" }, { "reference_url": "https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3", "reference_id": "8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-03T15:32:17Z/" } ], "url": "https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2952", "reference_id": "CVE-2024-2952", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2952" }, { "reference_url": "https://github.com/advisories/GHSA-46cm-pfwv-cgf8", "reference_id": "GHSA-46cm-pfwv-cgf8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46cm-pfwv-cgf8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/680668?format=api", "purl": "pkg:pypi/litellm@1.34.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-a5y6-f7xv-43gk" }, { "vulnerability": "VCID-cnnd-frah-5yh5" }, { "vulnerability": "VCID-cwhb-pzcz-yfeq" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-j6rg-j1zw-hkbx" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-nst5-3xsy-qbgk" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.34.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/80615?format=api", "purl": "pkg:pypi/litellm@1.34.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bck-72ae-wfcm" }, { "vulnerability": "VCID-a5y6-f7xv-43gk" }, { "vulnerability": "VCID-cnnd-frah-5yh5" }, { "vulnerability": "VCID-cwhb-pzcz-yfeq" }, { "vulnerability": "VCID-fvh1-8bnc-hqcz" }, { "vulnerability": "VCID-j6rg-j1zw-hkbx" }, { "vulnerability": "VCID-md8m-rdpu-dbe4" }, { "vulnerability": "VCID-nst5-3xsy-qbgk" }, { "vulnerability": "VCID-pmft-nzj7-n3ee" }, { "vulnerability": "VCID-r97y-74wy-8fbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@1.34.42" } ], "aliases": [ "CVE-2024-2952", "GHSA-46cm-pfwv-cgf8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3wh-mjtz-jbdb" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/litellm@0.1.639" }