Tag
litellm
Safeguard articles tagged "litellm" — guides, analysis, and best practices for software supply chain and application security.
2 articles
AI Security
When the Scanner Is the Backdoor: The LiteLLM Trivy Attack
On March 19, 2026, TeamPCP hijacked Trivy's GitHub Action to steal LiteLLM's PyPI token, then shipped a backdoored release, CVE-2026-33634, CVSS 9.4.
Jul 16, 20266 min read
Supply Chain Attacks
When the Vulnerability Is the Design: MCP STDIO Command Injection Across 150M Downloads (May 2026)
OX Security documented command injection through the MCP STDIO transport across Python, TypeScript, Java, and Rust SDKs. Anthropic calls the behavior by-design and won't patch upstream. That leaves the fix to thousands of downstream projects.
May 6, 202611 min read