"Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.
Specifically, LiteLLM v1.82.7 and v1.82.8 have been taken down because they contain credential-stealing code in a component file, litellm_init.pth."
https://www.theregister.com/2026/03/24/trivy_compromise_litellm/
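
A `.pth` file in `site-packages` is read by Python's `site` module at every interpreter start, and any line in it that begins with `import` is executed, so a malicious `.pth` runs without the package ever being imported. The following check is an added example, not code from the article or from the LiteLLM project: it looks in a `site-packages` directory for the two versions and the file name quoted above and lists every `.pth` line that runs code at startup. The function names are hypothetical, and it assumes installs are recorded as `litellm-<version>.dist-info` directories.

```python
import re
import sys
from pathlib import Path

# Versions and file name as reported in the quoted article.
BAD_VERSIONS = {"1.82.7", "1.82.8"}
BAD_PTH = "litellm_init.pth"
# Assumption: pip-style metadata directory, e.g. litellm-1.82.7.dist-info
DIST_RE = re.compile(r"^litellm-(?P<ver>[^-]+)\.dist-info$", re.IGNORECASE)


def executable_pth_lines(pth: Path) -> list[str]:
    """Return the lines that site.py would exec() at interpreter startup."""
    text = pth.read_text(encoding="utf-8", errors="replace")
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]


def audit_site_dir(site_dir: Path) -> list[str]:
    """Audit one site-packages directory; return human-readable findings."""
    findings = []
    for entry in sorted(site_dir.iterdir()):
        m = DIST_RE.match(entry.name)
        if m and m.group("ver") in BAD_VERSIONS:
            findings.append(f"affected release installed: litellm {m.group('ver')}")
        if entry.suffix == ".pth" and entry.is_file():
            if entry.name == BAD_PTH:
                findings.append(f"reported malicious file present: {entry.name}")
            for ln in executable_pth_lines(entry):
                findings.append(f"{entry.name} runs code at startup: {ln[:80]}")
    return findings


if __name__ == "__main__":
    import site
    dirs = site.getsitepackages() + [site.getusersitepackages()]
    hits = [f"{d}: {f}" for d in dirs if Path(d).is_dir() for f in audit_site_dir(Path(d))]
    print("\n".join(hits) or "no findings")
    sys.exit(1 if hits else 0)
```

Some legitimate packages also ship `.pth` files with `import` lines, so the "runs code at startup" findings are a review list rather than a verdict; the version and file-name matches are the ones tied to this incident.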