VYPR

apk package

chainguard/litellm-compat

pkg:apk/chainguard/litellm-compat

Vulnerabilities (3)

  • CVE-2026-40217HigApr 10, 2026
    affected < 0fixed 0

    LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

  • CVE-2026-35030CriApr 6, 2026
    affected < 1.83.3.0-r0fixed 1.83.3.0-r0

    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate

  • CVE-2026-35029HigApr 6, 2026
    affected < 1.83.3.0-r0fixed 1.83.3.0-r0

    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configura