PyPi: Litellm

CVE-2025-0330

Safety vulnerability ID: 76182

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 20, 2025 Updated at Apr 03, 2025

Scan your Python projects for vulnerabilities →

Advisory

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

Affected package

litellm

Latest version: 1.65.3

Library to easily interface with LLM API providers

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-879v-fggm-vxw2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0330

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application