PyPi: Litellm

CVE-2024-6119

Transitive

Safety vulnerability ID: 74775

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 03, 2024 Updated at Feb 21, 2025

Advisory

Litellm 1.56.2 updates its dependency 'cryptography' to include a security fix.

Affected package

litellm

Latest version: 1.61.13

Library to easily interface with LLM API providers

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Litellm dev 12 24 2024 p2 by krrishdholakia in https://github.com/BerriAI/litellm/pull/7400
* (feat) Support Dynamic Params for `guardrails` by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7415
* docs: cleanup docker compose comments by marcoscannabrava in https://github.com/BerriAI/litellm/pull/7414
* (Security fix) UI - update `next` version by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7418
* (security fix) - fix docs snyk vulnerability by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7419
* LiteLLM Minor Fixes & Improvements (12/25/2024) - p1 by krrishdholakia in https://github.com/BerriAI/litellm/pull/7411
* LiteLLM Minor Fixes & Improvements (12/25/2024) - p2 by krrishdholakia in https://github.com/BerriAI/litellm/pull/7420
* Ensure 'disable_end_user_cost_tracking_prometheus_only' works for new prometheus metrics by krrishdholakia in https://github.com/BerriAI/litellm/pull/7421
* (security fix) - bump fast api, fastapi-sso, python-multipart - fix snyk vulnerabilities by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7417
* docs - batches cost tracking by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7422
* Add `/openai` pass through route on litellm proxy by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7412
* (Feat) Add logging for `POST v1/fine_tuning/jobs` by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7426
* (docs) - show all supported Azure OpenAI endpoints in overview by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7428
* (docs) - custom guardrail show how to use dynamic guardrail params by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7430
* Support budget/rate limit tiers for keys by krrishdholakia in https://github.com/BerriAI/litellm/pull/7429
* (fix) initializing OTEL Logging on LiteLLM Proxy - ensure OTEL logger is initialized only once by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7435
* Litellm dev 12 26 2024 p3 by krrishdholakia in https://github.com/BerriAI/litellm/pull/7434
* fix(key_management_endpoints.py): enforce user_id / team_id checks on key generate by krrishdholakia in https://github.com/BerriAI/litellm/pull/7437
* LiteLLM Minor Fixes & Improvements (12/26/2024) - p4 by krrishdholakia in https://github.com/BerriAI/litellm/pull/7439
* Refresh VoyageAI models, prices and context by fzowl in https://github.com/BerriAI/litellm/pull/7443
* Revert "Refresh VoyageAI models, prices and context" by krrishdholakia in https://github.com/BerriAI/litellm/pull/7446
* (feat) `/guardrails/list` show guardrail info params by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7442
* add openrouter o1 by paul-gauthier in https://github.com/BerriAI/litellm/pull/7424
* ✨ (Feat) Log Guardrails run, guardrail response on logging integrations by ishaan-jaff in https://github.com/BerriAI/litellm/pull/7445

New Contributors
* marcoscannabrava made their first contribution in https://github.com/BerriAI/litellm/pull/7414
* fzowl made their first contribution in https://github.com/BerriAI/litellm/pull/7443

**Full Changelog**: https://github.com/BerriAI/litellm/compare/v1.55.12...v1.56.2



Docker Run LiteLLM Proxy


```shell
docker run \
  -e STORE_MODEL_IN_DB=True \
  -p 4000:4000 \
  ghcr.io/berriai/litellm:main-v1.56.2
```



Don't want to maintain your internal proxy? get in touch 🎉
Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

| Name | Status | Median Response Time (ms) | Average Response Time (ms) | Requests/s | Failures/s | Request Count | Failure Count | Min Response Time (ms) | Max Response Time (ms) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| /chat/completions | Passed ✅ | 250.0 | 275.3240164096845 | 6.143891773397197 | 0.0 | 1838 | 0 | 224.26387399997338 | 1437.5524760000076 |
| Aggregated | Passed ✅ | 250.0 | 275.3240164096845 | 6.143891773397197 | 0.0 | 1838 | 0 | 224.26387399997338 | 1437.5524760000076 |
