Heads up, developers. There’s a potential security issue with LiteLLM, a popular AI Gateway, involving compromised PyPI packages. Versions 1.82.7 and 1.82.8 got hit by a supply chain attack. The issue seems linked to a possible breach of a maintainer’s account, allowing attackers to publish malicious code designed to steal sensitive data like AWS keys and database passwords.
Here’s what you need to know: If you installed these versions via pip on March 24, 2026, or built a Docker image using them, you might be at risk. Thankfully, these packages have been yanked from PyPI, but if you were affected, rotate your secrets, purge any suspicious files, and check your deployment history for these versions.
And the good news? Official LiteLLM Proxy Docker images that pin dependencies weren’t affected. LiteLLM’s team is pausing new releases to conduct a comprehensive review. For any security concerns, reach out to their support channels promptly. Stay safe out there, folks!
Read more…