GHSA-5mg7-485q-xm76: Two LiteLLM versions published containing credential harvesting malware
(updated )
After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API.
Anyone who has installed and run the project should assume any credentials available to litellm environment may have been exposed, and revoke/rotate thema ccordingly.
References
- futuresearch.ai/blog/litellm-pypi-supply-chain-attack
- github.com/BerriAI/litellm
- github.com/BerriAI/litellm/issues/24518
- github.com/advisories/GHSA-5mg7-485q-xm76
- github.com/pypa/advisory-database/tree/main/vulns/litellm/PYSEC-2026-2.yaml
- inspector.pypi.io/project/litellm/1.82.7/packages/79/5f/b6998d42c6ccd32d36e12661f2734602e72a576d52a51f4245aef0b20b4d/litellm-1.82.7-py3-none-any.whl/litellm/proxy/proxy_server.py
- inspector.pypi.io/project/litellm/1.82.8/packages/f6/2c/731b614e6cee0bca1e010a36fd381fba69ee836fe3cb6753ba23ef2b9601/litellm-1.82.8.tar.gz/litellm-1.82.8/litellm_init.pth
- www.wiz.io/blog/teampcp-attack-kics-github-action
Code Behaviors & Features
Detect and mitigate GHSA-5mg7-485q-xm76 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →