GHSA-XMPW-2VMM-P4P6 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...

atlas-mcp (=0.1.0), blackmaria (=0.1.0) +5 more potentially affected by CVE-2026-45758 via guardrails-ai (=0.10.0)

guardrails-ai PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on guardrails-ai and may be impacted: - atlas-mcp =0.1.0 - blackmaria =0.1.0 - dao-ai =0.1.39, =0.0.0a0, =0.1.0, =0.1.3 Source cves: CVE-2026-45758 Source advisory:...

Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...

PT-2026-41973

Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...

GHSA-R6HF-G5X6-7PV9 Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP , the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to inclu...

MAL-2026-3607 Malicious code in guardrails-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

atlas-mcp (=0.1.0), blackmaria (=0.1.0) +5 more potentially affected by unknown CVE via guardrails-ai (=0.10.0)

guardrails-ai PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on guardrails-ai and may be impacted: - atlas-mcp =0.1.0 - blackmaria =0.1.0 - dao-ai =0.1.39, =0.0.0a0, =0.1.0, =0.1.3 Source cves: unknown CVE Source advisory:...

Malicious code in guardrails-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5 This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor. The package will steal credentials...

CVE-2026-31233

CVE-2026-31233 affects Guardrails AI through version 0.6.7. The vulnerability resides in the Hub package installation mechanism: when installing validator packages, the system fetches a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The scr...

athina (=1.1.0), atlas-mcp (=0.1.0) +7 more potentially affected by unknown CVE via guardrails-ai (>=0.10.0 <=0.8.0)

guardrails-ai PYPI version =0.10.0, =0.1.39, =0.0.0a0, =0.0.1, =0.1.0, =0.1.3 Source cves: unknown CVE Source advisory: SNYK:PYTHON-GUARDRAILSAI-16641086...

EUVD-2024-2883

Malicious code in bioql PyPI...

EUVD-2024-2333

Malicious code in bioql PyPI...

CVE-2024-6961

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...

CVE-2024-45858

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...

Guardrails has an arbitrary code execution vulnerability

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...

CVE-2024-45858

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...

CVE-2024-45858

CVE-2024-45858 affects Guardrails AI Guardrails framework versions 0.2.9–0.5.10. The root cause is improper validation of XML files, where loading a malicious XML containing Python code causes the code to be passed to eval and executed on the user’s machine. The vulnerability enables arbitrary co...

CVE-2024-45858

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...

XML Entity Expansion (XXE)

guardrails-ai is vulnerable to XML Entity Expansion XXE. The vulnerability is due to consuming RAIL documents from external sources, which may cause leakage of internal file data via the SYSTEM entity...