Vulnerability Reportlitellm/litellm-database:1.86.6

litellm/litellm-database:v1.86.6litellm/litellm-database:1.86.6

DIGESTsha256:7d20f6396a6ef245f04335ca09a7e3a6b46e0a7dd6957464b96ab1b158f8a2b5

Executive Summary

SAFE

This image is safe for production use. It contains 25 vulnerabilities on the exposed surface and 26 post-exploit-only, but all are low severity (max 5.52) and no findings were identified as exploitable. The image is pinned by digest for integrity, though it is an unverified community image with low reputation, so standard monitoring is advised.

Threat Score

5/100

SAFE

Low severity vulnerabilities (max 5.52 exposed, 3.98 post) with no critical or high-severity findings
No exposed surface or post-exploit findings (INPUT 4 and 5 empty) indicating no actionable exploits
Image pinned by digest (immutable) ensuring integrity, though trust is UNVERIFIED with low reputation

Reputation

UNVERIFIED

litellm

COMMUNITY

Community Image with low/unknown reputation
Pinned by digest (Immutable)

Vulnerabilities

Vulnerability Log

51 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-48710	MEDIUM5.52	starlette 0.50.0 fixed in 1.0.1	0.9% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-48524	MEDIUM5.02	PyJWT 2.12.0 fixed in 2.13.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-33672	MEDIUM4.5	picomatch 4.0.3 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2023-39810	LOW3.98	busybox 1.37.0-r57 fixed in 1.37.0-r58	0.7% Theoretical Threat	Post-Exploit
CVE-2026-26157	LOW3.57	busybox 1.37.0-r57 fixed in 1.37.0-r58	0.7% Theoretical Threat	Post-Exploit
CVE-2026-26158	LOW3.57	busybox 1.37.0-r57 fixed in 1.37.0-r58	0.2% Theoretical Threat	Post-Exploit
CVE-2024-6345	LOW3.17	setuptools 68.1.2 fixed in 70.0.0	1.8% Low-Moderate Risk	Post-Exploit
CVE-2025-47273	LOW3.17	setuptools 68.1.2 fixed in 78.1.1	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45446	LOW3.15	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45447	LOW2.92	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.6.2-r3 fixed in 3.6.3-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45445	LOW2.78	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33750	LOW2.29	brace-expansion 5.0.4 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	0.4% Theoretical Threat	Post-Exploit
CVE-2026-45149	LOW2.29	brace-expansion 5.0.4 fixed in 5.0.6	0.2% Theoretical Threat	Post-Exploit
CVE-2026-47265	LOW2.29	aiohttp 3.13.5 fixed in 3.14.0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34993	LOW2.23	aiohttp 3.13.5 fixed in 3.14.0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-33671	LOW1.99	picomatch 4.0.3 fixed in 4.0.4, 3.0.2, 2.3.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42338	LOW1.87	ip-address 10.1.0 fixed in 10.1.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW1.81	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW1.81	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW1.81	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW1.81	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-35188	NONE0	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42765	NONE0	libcrypto3 3.6.2-r3 fixed in 3.6.3-r0	0.4% Theoretical Threat	Not Applicable
CVE-2026-35188	NONE0	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42765	NONE0	libssl3 3.6.2-r3 fixed in 3.6.3-r0	0.4% Theoretical Threat	Not Applicable
CVE-2026-53655	NONE0	tar 7.5.11 fixed in 7.5.16	—	Not Applicable
GHSA-vfvv-c25p-m7mm	NONE0	rkyv 0.8.15 fixed in 0.8.16	—	Not Applicable
GHSA-3pv8-6f4r-ffg2	NONE0	tar 0.4.45 fixed in 0.4.46	—	Not Applicable