Homepage

llmswap@5.2.0 vulnerabilities

Universal LLM SDK + MCP Client: GPT-5.2, Claude Opus 4.5, Gemini 3 Flash, Gemini 3 Pro, Grok 4.1, DeepSeek V3.2 + 10 providers. LMArena top models. Natural language tool calling. Zero vendor lock-in. Production SDK + beautiful CLI.

  • latest version

    5.5.4

  • latest non vulnerable version

    5.5.4

  • first published

    5 months ago

  • latest version published

    11 days ago

  • licenses detected

  • View llmswap package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the llmswap package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    llmswap is an Universal LLM SDK + MCP Client: GPT-5.2, Claude Opus 4.5, Gemini 3 Flash, Gemini 3 Pro, Grok 4.1, DeepSeek V3.2 + 10 providers. LMArena top models. Natural language tool calling. Zero vendor lock-in. Production SDK + beautiful CLI.

    Affected versions of this package are vulnerable to Information Exposure via error handling across multiple providers. An attacker can expose sensitive information, including API keys, credentials, and internal system details, through unfiltered error responses that fail to sanitize exception messages before returning them to users.

    Note: Successful exploitation of this vulnerability requires the attacker to have access to the network traffic.

    How to fix Information Exposure?

    Upgrade llmswap to version 5.2.1 or higher.

    [,5.2.1)
    Go back to all versions of this package