litellm 1.83.6

Direct Vulnerabilities

Known vulnerabilities in the litellm package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C SQL Injection litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to SQL Injection via the token lookup query in the combined view path. An attacker can extract or manipulate records by supplying a crafted token value that is interpolated directly into the `WHERE v.token = '{token}'` clause. This affects the proxy’s combined-view token resolution logic and can expose or alter tenant-scoped data returned by the database query. Workarounds Set `disable_error_logs: true` under `general_settings` to prevent unauthenticated input from reaching the vulnerable proxy API key verification query path. How to fix SQL Injection? Upgrade `litellm` to version 1.83.7 or higher.	[1.81.16,1.83.7)
H Improper Neutralization of Special Elements Used in a Template Engine litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the `POST /prompts/test` endpoint, which accepts user-supplied prompt templates and renders them without sandboxing. An attacker can execute arbitrary code within the server process by submitting a crafted template after authenticating with a valid proxy API key. This may expose sensitive environment variables or allow commands to be executed on the host. How to fix Improper Neutralization of Special Elements Used in a Template Engine? Upgrade `litellm` to version 1.83.7 or higher.	[1.80.5,1.83.7)
H Command Injection litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Command Injection via preview MCP server endpoints `POST /mcp-rest/test/connection` and `POST /mcp-rest/test/tools/list`. An attacker can execute arbitrary commands by accessing the publicly exposed MCP management interface and configuring the server with attacker-controlled commands and arguments. How to fix Command Injection? Upgrade `litellm` to version 1.83.7 or higher.	[1.74.2,1.83.7)
H Arbitrary Code Injection litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection in the `/guardrails/test_custom_code` endpoint through bytecode rewriting. An attacker can execute arbitrary code by sending specially crafted requests to this endpoint. How to fix Arbitrary Code Injection? There is no fixed version for `litellm`.	[0,)

Vulnerability

Vulnerable Version

SQL Injection

litellm is a Library to easily interface with LLM API providers

Affected versions of this package are vulnerable to SQL Injection via the token lookup query in the combined view path. An attacker can extract or manipulate records by supplying a crafted token value that is interpolated directly into the WHERE v.token = '{token}' clause. This affects the proxy’s combined-view token resolution logic and can expose or alter tenant-scoped data returned by the database query.

Workarounds

Set disable_error_logs: true under general_settings to prevent unauthenticated input from reaching the vulnerable proxy API key verification query path.

How to fix SQL Injection?

Upgrade litellm to version 1.83.7 or higher.

[1.81.16,1.83.7)

Improper Neutralization of Special Elements Used in a Template Engine

litellm is a Library to easily interface with LLM API providers

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the POST /prompts/test endpoint, which accepts user-supplied prompt templates and renders them without sandboxing. An attacker can execute arbitrary code within the server process by submitting a crafted template after authenticating with a valid proxy API key. This may expose sensitive environment variables or allow commands to be executed on the host.

How to fix Improper Neutralization of Special Elements Used in a Template Engine?

Upgrade litellm to version 1.83.7 or higher.

[1.80.5,1.83.7)

Command Injection

litellm is a Library to easily interface with LLM API providers

Affected versions of this package are vulnerable to Command Injection via preview MCP server endpoints POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list. An attacker can execute arbitrary commands by accessing the publicly exposed MCP management interface and configuring the server with attacker-controlled commands and arguments.

How to fix Command Injection?

Upgrade litellm to version 1.83.7 or higher.

[1.74.2,1.83.7)

Arbitrary Code Injection

litellm is a Library to easily interface with LLM API providers

Affected versions of this package are vulnerable to Arbitrary Code Injection in the /guardrails/test_custom_code endpoint through bytecode rewriting. An attacker can execute arbitrary code by sending specially crafted requests to this endpoint.

How to fix Arbitrary Code Injection?

There is no fixed version for litellm.

[0,)

litellm@1.83.6

Library to easily interface with LLM API providers

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically