⚠ LiteLLM 1.82.8 Supply Chain Compromise
LiteLLM PyPI release 1.82.8 contains a malicious litellm_init.pth that exfiltrates credentials and self-replicates.
Reference: BerriAI/litellm#24512
Status: ccproxy is not affected - pinned to <1.82.8 across all branches.
Action taken:
- Full system scan confirmed no instances of 1.82.8
- All branches pinned with `litellm[proxy]>=1.13.0,<1.82.8`
- Actively seeking LiteLLM alternatives
We are safe - currently on 1.82.6. I've done a full scan of all my packages and repositories, and nothing on my system is using 1.82.8. I've pinned all repositories and am immediately seeking alternatives to LiteLLM. I don't use Discord a ton, but I see all notifications on my server - if you have any suggestions or want to discuss, feel free to reach out there.
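One way to run the kind of scan described above, as an added example (not ccproxy's or LiteLLM's own code). It assumes pip-installed packages with `.dist-info` metadata; the function names `dist_version` and `scan` are illustrative.

```python
"""Scan Python environments for the compromised LiteLLM release named above."""
import os
import sys
from email.parser import Parser

BAD_VERSIONS = {"1.82.8"}     # release named in the advisory
BAD_PTH = "litellm_init.pth"  # malicious file named in the advisory


def dist_version(dist_info_dir):
    """Return (name, version) read from <dist-info>/METADATA, or None."""
    meta = os.path.join(dist_info_dir, "METADATA")
    try:
        with open(meta, encoding="utf-8", errors="replace") as fh:
            msg = Parser().parse(fh, headersonly=True)
    except OSError:
        return None
    return (msg.get("Name") or "").lower(), (msg.get("Version") or "").strip()


def scan(roots):
    """Walk each root; report the .pth file and any litellm 1.82.8 install."""
    findings = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            if BAD_PTH in filenames:
                findings.append(("pth", os.path.join(dirpath, BAD_PTH)))
            for d in list(dirnames):
                if not d.endswith(".dist-info"):
                    continue
                dirnames.remove(d)  # no need to descend into metadata dirs
                info = dist_version(os.path.join(dirpath, d))
                if info and info[0] == "litellm" and info[1] in BAD_VERSIONS:
                    findings.append(("version", os.path.join(dirpath, d)))
    return findings


if __name__ == "__main__":
    # Default: every import path of this interpreter. Pass directories
    # (home, virtualenv roots, CI caches) as arguments for a wider sweep.
    targets = sys.argv[1:] or [p for p in sys.path if os.path.isdir(p)]
    hits = scan(targets)
    for kind, path in hits:
        print(f"{kind}\t{path}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero on any hit, so it can gate a CI job; a clean result only covers the directories it was pointed at.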