
LiteLLM Suspected Supply Chain Incident

If you installed or ran v1.82.7 or v1.82.8, take the actions on https://docs.litellm.ai/blog/security-update-march-2026 immediately.

The advisory at that link says the following:

TLDR

The compromised PyPI packages were litellm==1.82.7 and litellm==1.82.8. Those packages have now been removed from PyPI.

We believe that the compromise originated from the Trivy dependency used in our CI/CD security scanning workflow.

Customers running the official LiteLLM Proxy Docker image were not impacted. That deployment path pins dependencies in requirements.txt and does not rely on the compromised PyPI packages.

We are pausing new LiteLLM releases until we complete a broader supply-chain review and confirm the release path is safe.

Note: These versions have already been removed from PyPI.
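The advisory tells you to act if you installed or ran one of the two pulled versions, and notes that the Docker image is safe because its dependencies are pinned. The script below is an added example, not code from the LiteLLM project or the advisory: it checks the litellm version installed in the current Python environment against the two pulled versions, and scans requirements or pip-freeze style lines for exact pins to them. Only exact `==` pins are evaluated; a range such as `litellm>=1.82.0` is not flagged, so for ranges check the resolved lockfile or the installed version instead. The sample lines in the usage comment are constructed, and the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the LiteLLM advisory). Checks for the two
# PyPI releases the advisory says were compromised and later removed.
COMPROMISED_LITELLM_VERSIONS="1.82.7 1.82.8"

# Returns 0 if the given version string is one of the pulled releases.
litellm_version_compromised() {
  v="$1"
  for bad in $COMPROMISED_LITELLM_VERSIONS; do
    [ "$v" = "$bad" ] && return 0
  done
  return 1
}

# Reads requirements.txt / constraints / `pip freeze` lines on stdin and
# prints every exact litellm pin that matches a pulled version. Handles
# extras ("litellm[proxy]==..."), environment markers and trailing comments.
# Ranges (>=, ~=, etc.) are deliberately not evaluated here.
scan_requirements() {
  grep -i -E '^[[:space:]]*litellm(\[[^]]*\])?[[:space:]]*==' | while IFS= read -r line; do
    ver=$(printf '%s' "$line" | sed -E 's/^[^=]*==[[:space:]]*([0-9][0-9A-Za-z.+-]*).*/\1/')
    if litellm_version_compromised "$ver"; then
      printf 'COMPROMISED: %s\n' "$line"
    fi
  done
}

# Live check of the litellm package installed in the current environment.
# Returns 1 if a pulled version is installed, 0 otherwise.
check_installed() {
  ver=$(python3 -m pip show litellm 2>/dev/null | awk '/^Version:/{print $2}')
  if [ -z "$ver" ]; then
    echo "litellm is not installed in this environment"
    return 0
  fi
  if litellm_version_compromised "$ver"; then
    echo "litellm $ver is one of the pulled releases: follow the advisory now"
    return 1
  fi
  echo "litellm $ver is not one of the pulled releases"
  return 0
}

# Usage (constructed sample input):
#   check_installed
#   scan_requirements < requirements.txt
#   pip freeze | scan_requirements
#   printf 'litellm==1.82.7\nrequests==2.31.0\n' | scan_requirements
```

Run `check_installed` in every virtualenv, container or CI runner that may have installed litellm from PyPI during the affected window, not only on the machine you happen to be on; the Docker image path is excluded by the advisory, but a locally built image with an unpinned `pip install litellm` is not.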
