If you discover a security vulnerability in litellm-rust, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email: aviv@sinai.dev
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Assessment: Within 1 week
- Fix: Depending on severity, typically within 2 weeks
This policy covers the litellm-rust crate itself. Issues with upstream LLM provider APIs should be reported to those providers directly.
This project uses:
- gitleaks - Automated secret scanning in CI
- cargo-deny - Dependency vulnerability and license auditing
- clippy - Static analysis for common Rust pitfalls
- No
unsafecode in library