Vulnerabilities in berriai

35 results
CVE-2026-12795 | MEDIUM | BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication | EPSS 0.5%
CVE-2026-49468 | CRITICAL | LiteLLM: Authentication Bypass via Host Header Injection | EPSS 0.5%
CVE-2024-5225 | MEDIUM | SQL Injection in berriai/litellm | EPSS 0.4%
CVE-2024-5710 | MEDIUM | Improper Access Control in Team Management in berriai/litellm | EPSS 0.4%
CVE-2026-35030 | CRITICAL | LiteLLM has an authentication bypass via OIDC userinfo cache key collision | EPSS 0.4%
CVE-2026-12796 | MEDIUM | BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration | EPSS 0.4%
CVE-2026-12770 | MEDIUM | BerriAI litellm Admin Key key_management_endpoints.py improper authorization | EPSS 0.3%
CVE-2026-42203 | HIGH | LiteLLM: Server-Side Template Injection in /prompts/test endpoint | EPSS 0.3%
CVE-2025-0628 | HIGH | Improper Authorization in BerriAI/litellm | EPSS 0.3%
CVE-2026-12771 | LOW | BerriAI litellm M2M JWT user_api_key_auth.py improper authorization | EPSS 0.3%
CVE-2026-12799 | MEDIUM | BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization | EPSS 0.3%
CVE-2026-12772 | MEDIUM | BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration | EPSS 0.3%
CVE-2026-12774 | MEDIUM | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery | EPSS 0.3%
CVE-2026-12798 | MEDIUM | BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery | EPSS 0.3%
CVE-2026-12797 | MEDIUM | BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization | EPSS 0.2%