Malicious Supply Chain Compromise in litellm

60% confidence

Description

A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module.

Affected Products

Vendor	Product	Versions
python package index	litellm	1.82.8

Related News (1 articles)

Tier C

Schneier on Security1d ago

Python Supply-Chain Compromise

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 8, 2026

Last enriched1d ago

Community Vote

0 upvotes0 downvotes

No votes yet

Malicious Supply Chain Compromise in litellm

Description

Affected Products

Related News (1 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline