PyPI: litellm
GHSA-5mg7-485q-xm76
Safety vulnerability ID: SFTY-20260325-42188
After an API token exposure from an exploited trivy dependency, two new releases of `litellm` were uploaded to PyPI containing automatically activated malware that harvests sensitive credentials and files and exfiltrates them to a remote API. Anyone who has installed and run the project should assume that any credentials available to the litellm environment may have been exposed, and revoke/rotate them accordingly.
Overview
Two LiteLLM versions published containing credential harvesting malware
Advisory
Two LiteLLM versions published containing credential harvesting malware
How to Fix
We recommend updating litellm to the latest non-vulnerable version.
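A defender-side check for an installed environment, added here as an example that is not part of the Safety record or the litellm project. It assumes the affected releases are exactly the two versions (1.82.7 and 1.82.8) that this advisory's inspector.pypi.io references point at, and that the `litellm_init.pth` filename from the 1.82.8 reference is the marker to look for in site-packages.

```python
"""Check a Python environment for the two litellm releases referenced in this
advisory and for the `litellm_init.pth` file named in the 1.82.8 reference.
Example code added to this advisory page; not from Safety or the litellm project."""
import site
import sys
from importlib import metadata
from pathlib import Path

# Versions taken from the advisory's inspector.pypi.io references; treat this
# set as an assumption and cross-check it against the GHSA entry.
SUSPECT_VERSIONS = {"1.82.7", "1.82.8"}
# .pth files in site-packages are processed at every interpreter start, which
# is why a dropped .pth file gives "automatically activated" code execution.
SUSPECT_PTH = "litellm_init.pth"


def is_suspect_version(version: str) -> bool:
    """True if the given litellm version is one named in the advisory."""
    return version.strip() in SUSPECT_VERSIONS


def suspect_pth_entries(entries) -> list:
    """Return the bare filenames from `entries` that match the advisory's
    .pth name; accepts str or Path inputs."""
    return sorted(Path(e).name for e in entries if Path(e).name == SUSPECT_PTH)


def installed_litellm_version():
    """Installed litellm version, or None when litellm is not installed."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


def scan_environment() -> dict:
    """Inspect the running interpreter's site-packages directories."""
    dirs = [Path(d) for d in site.getsitepackages() + [site.getusersitepackages()]]
    pth_files = [p for d in dirs if d.is_dir() for p in d.glob("*.pth")]
    version = installed_litellm_version()
    return {
        "litellm_version": version,
        "suspect_version": bool(version) and is_suspect_version(version),
        "suspect_pth": suspect_pth_entries(pth_files),
    }


if __name__ == "__main__":
    result = scan_environment()
    print(result)
    # Non-zero exit makes the check usable in CI or a fleet-wide inventory job.
    sys.exit(1 if result["suspect_version"] or result["suspect_pth"] else 0)
```

Run it with the same interpreter that runs litellm; a hit on either field means the credential rotation described above applies to that host.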
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260325-42188
- https://github.com/BerriAI/litellm/issues/24518
- https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack
- https://github.com/pypa/advisory-database/tree/main/vulns/litellm/PYSEC-2026-2.yaml
- https://inspector.pypi.io/project/litellm/1.82.7/packages/79/5f/b6998d42c6ccd32d36e12661f2734602e72a576d52a51f4245aef0b20b4d/litellm-1.82.7-py3-none-any.whl/litellm/proxy/proxy_server.py#line.130
- https://inspector.pypi.io/project/litellm/1.82.8/packages/f6/2c/731b614e6cee0bca1e010a36fd381fba69ee836fe3cb6753ba23ef2b9601/litellm-1.82.8.tar.gz/litellm-1.82.8/litellm_init.pth#line.1
- https://www.wiz.io/blog/teampcp-attack-kics-github-action
- https://docs.litellm.ai/blog/security-update-march-2026
- https://github.com/advisories/GHSA-5mg7-485q-xm76
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
