Vulnerability Reportlitellm/litellm-database:1.88.2

litellm/litellm-database:v1.88.2litellm/litellm-database:1.88.2

DIGESTsha256:5a68e54a987034168d7b23820e0c8f9e8591c66fd00f8eccf7b1598b0dc2f152

Executive Summary

SAFE

This image is safe for production use. The image has 2 exposed vulnerabilities (max severity 5.1) and 13 post-exploit findings (max severity 3.98), all low severity. The trust score indicates a community image with low reputation, but the image is pinned by digest. Given the low threat score (5/100) and absence of high-severity issues, the risk is minimal.

Threat Score

5/100

SAFE

Community image with low reputation (score 55/100) and unverified publisher.
Exposed surface vulnerabilities: 2 findings with max severity 5.1 (low).
No high or critical severity vulnerabilities found in post-exploit analysis (max 3.98).
Image is pinned by digest for immutability.

Reputation

UNVERIFIED

litellm

COMMUNITY

Community Image with low/unknown reputation
Pinned by digest (Immutable)

Vulnerabilities

Vulnerability Log

15 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-47265	MEDIUM5.1	aiohttp 3.13.5 fixed in 3.14.0	0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2023-39810	LOW3.98	busybox 1.37.0-r57 fixed in 1.37.0-r58	0.7% Theoretical Threat	Post-Exploit
CVE-2026-26157	LOW3.57	busybox 1.37.0-r57 fixed in 1.37.0-r58	0.7% Theoretical Threat	Post-Exploit
CVE-2026-26158	LOW3.57	busybox 1.37.0-r57 fixed in 1.37.0-r58	0.2% Theoretical Threat	Post-Exploit
CVE-2024-6345	LOW3.17	setuptools 68.1.2 fixed in 70.0.0	1.8% Low-Moderate Risk	Post-Exploit
CVE-2025-47273	LOW3.17	setuptools 68.1.2 fixed in 78.1.1	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-33750	LOW2.29	brace-expansion 5.0.4 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45149	LOW2.29	brace-expansion 5.0.4 fixed in 5.0.6	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34993	LOW2.23	aiohttp 3.13.5 fixed in 3.14.0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-33671	LOW1.99	picomatch 4.0.3 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42338	LOW1.87	ip-address 10.1.0 fixed in 10.1.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33672	LOW1.62	picomatch 4.0.3 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-53655	NONE0	tar 7.5.11 fixed in 7.5.16	—	Not Applicable
GHSA-vfvv-c25p-m7mm	NONE0	rkyv 0.8.15 fixed in 0.8.16	—	Not Applicable
GHSA-3pv8-6f4r-ffg2	NONE0	tar 0.4.45 fixed in 0.4.46	—	Not Applicable