Security Advisory: Trivy, LiteLLM, and Axios Supply Chain Vulnerabilities
Security updates detail rendered from /security-updates/upd_c8deb3ab4347ca25.
Overview
| Field | Value |
|---|---|
| ID | upd_c8deb3ab4347ca25 |
| Collection | Security Updates |
| Provider | Wolfia |
| Company | ThoughtSpot |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_c8deb3ab4347ca25 |
| providerId | wolfia |
| organizationId | org_6e887cbb556eaa03 |
| trustCenterId | tc_d5faf9e1a34af7b3 |
| title | Security Advisory: Trivy, LiteLLM, and Axios Supply Chain Vulnerabilities |
| message | *Update April 2, 2026: The security advisory was updated to reflect that ThoughtSpot is not impacted by the Axios supply chain compromise.* We are aware of the recent supply chain attacks affecting Aqua Security’s Trivy ([March 19, 2026](https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/)), the LiteLLM Python package on PyPI ([March 24, 2026](https://github.com/BerriAI/litellm/issues/24512)), and the Axios NPM package ([March 30, 2026](https://github.com/axios/axios/issues/10604)). The supply chain attacks involve potential malicious code capable of credential harvesting, data exfiltration, and lateral movement across environments. **Status: ThoughtSpot is not impacted** We have completed a thorough review of our GitHub organizations, repository dependencies, and build environments. ThoughtSpot's products, services, and infrastructure are not impacted by the incidents. * **Trivy**: No compromised Trivy versions or affected GitHub Actions were present in our environments during the impacted time windows. * **LiteLLM**: The affected LiteLLM versions (1.82.7 and 1.82.8) are not and were not used across any ThoughtSpot platform. * **Axios**: No compromised axios versions were present or used by ThoughtSpot. **No action is required from ThoughtSpot customers.** Your data remains secure, and our services continue to operate normally. We maintain continuous monitoring of our supply chain dependencies and will provide updates here if our assessment changes. Your trust is paramount, and we remain committed to maintaining the security of your data. We will continue to update this page as new information becomes available. If you have further questions or require a deeper technical discussion, please reach out to us. |
| url | - |
| publishedAt | 2026-03-25 |
| source | {"field": "swrFallback./trustportal/public/updates?limit=25"} |
| company | {"id": "org_6e887cbb556eaa03", "name": "ThoughtSpot", "domains": ["security.thoughtspot.com"]} |
| trust_center | {"id": "tc_d5faf9e1a34af7b3", "name": "ThoughtSpot", "url": "https://security.thoughtspot.com", "host": "security.thoughtspot.com"} |
| provider | {"id": "wolfia", "name": "Wolfia"} |
| links | {"self": "/v1/security-updates/upd_c8deb3ab4347ca25", "company": "/v1/companies/org_6e887cbb556eaa03", "trust_center": "/v1/trust-centers/tc_d5faf9e1a34af7b3", "provider": "/v1/providers/wolfia"} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_c8deb3ab4347ca25