This is an advisory for a malicious package.

We recommend immediate removal of malicious versions of this package. Safety Firewall is actively blocking installation and will help you identify any existing installations of the package.

Learn more

PyPI: litellm

SFTY-20260324-33085

--- _-= Per source details. Do not edit below this line.=-_ ## Source: google-open-source-security (6a89401cbf53902e8374fbf3b424a77bb5e5f8c437176232eab7c3237d10ecbe) LiteLLM was compromised through trivy security scan in a GitHub workflow. Attackers uploaded malicious versions of LiteLLM to PyPI. The malicious code would exfiltrate sensitive secrets to an attcker controlled domain.

PyPI

Created at: Mar 26, 2026Updated at: Mar 26, 2026

Overview

Malicious code in litellm (PyPI)

Advisory

Malicious code in litellm (PyPI)

Affected Package

Affecting litellm package, versions

==1.82.7

==1.82.8

Also affects

---

How to Fix

We recommend updating litellm to the latest non-vulnerable version.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20260324-33085

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more