CRITICAL 9.6

GHSA-xmpw-2vmm-p4p6

Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Details

### Impact

On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI.

**Affected:** any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026.

Security researchers identified the malicious package within approximately 2 hours of publication, and PyPI quarantined the repository. Based on our telemetry, we have observed no requests to Guardrails AI infrastructure originating from the malicious 0.10.1 version, and a review of system and access logs has produced no evidence of user data exfiltration through our systems.

For the full timeline, technical details, and remediation steps we have taken, see [SECURITY_ADVISORY.md](https://github.com/guardrails-ai/guardrails/blob/main/SECURITY_ADVISORY.md).

### Patches

No patched version above 0.10.1 is available yet. **Downgrade to `0.10.0`**, which is unaffected.

### Workarounds

**1. Pin to a safe version:**

`guardrails-ai==0.10.0`

**2. While the PyPI quarantine is active, install from GitHub:**

`pip install git+https://github.com/guardrails-ai/guardrails.git@v0.10.0`

The `v0.10.0` tag in this repository is clean. Track quarantine status here: [#1473](https://github.com/guardrails-ai/guardrails/issues/1473).

**3. If you installed 0.10.1, treat the host as potentially compromised.** Rotate any credentials accessible from that machine (GitHub PATs, cloud provider keys, package registry tokens, API keys) and audit your GitHub account for unauthorized workflows or repositories.

**4. Snowglobe and Guardrails Hub users:** all Snowglobe and Guardrails Hub API keys will be invalidated at 2:00 PM Pacific on May 13, 2026. Rotate yours before then to avoid service interruption.
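
To check whether step 3 applies to a machine, the sweep below walks one or more directory trees (virtualenvs, `site-packages`, container filesystems), reads the metadata of every installed distribution and flags any copy of `guardrails-ai` at 0.10.1. It is an added example, not code from the Guardrails AI project or its advisory; the function names are this example's own, and only the package name and version are taken from the advisory.

```python
"""Sweep directory trees for installed copies of guardrails-ai; flag 0.10.1."""
import re
import sys
from email.parser import HeaderParser
from pathlib import Path

PACKAGE = "guardrails-ai"   # package named in the advisory
BAD_VERSIONS = {"0.10.1"}   # malicious release named in the advisory


def normalize(name):
    """PEP 503 name normalization: guardrails_ai, Guardrails.AI -> guardrails-ai."""
    return re.sub(r"[-_.]+", "-", name).strip().lower()


def find_installs(root):
    """Yield (metadata_dir, version, is_bad) for each copy found under root."""
    root = Path(root)
    if not root.is_dir():
        return  # sys.path can hold zip files and paths that do not exist
    for pattern in ("*.dist-info/METADATA", "*.egg-info/PKG-INFO"):
        for meta in root.rglob(pattern):
            try:
                text = meta.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable entry: keep sweeping
            headers = HeaderParser().parsestr(text)
            if normalize(headers.get("Name", "")) != PACKAGE:
                continue
            version = (headers.get("Version") or "").strip()
            yield str(meta.parent), version, version in BAD_VERSIONS


def scan(roots):
    """Return de-duplicated, sorted findings across several roots."""
    return sorted({hit for root in roots for hit in find_installs(root)})


if __name__ == "__main__":
    # Roots: venv or site-packages directories given as arguments,
    # otherwise the import path of the interpreter running this script.
    findings = scan(sys.argv[1:] or [p for p in sys.path if p])
    for location, version, bad in findings:
        status = "MALICIOUS" if bad else "ok"
        print(f"{status:9} {PACKAGE}=={version}  {location}")
    sys.exit(1 if any(bad for _, _, bad in findings) else 0)
```

The exit status is 1 when a 0.10.1 copy is present, so the script can gate a CI job or a fleet check. A clean result describes only what is installed now; a host where 0.10.1 was installed and later replaced is still covered by step 3.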

### References

- Full advisory, timeline, and remediation details: [SECURITY_ADVISORY.md](https://github.com/guardrails-ai/guardrails/blob/main/SECURITY_ADVISORY.md)

Affected packages

PyPI / guardrails-ai

No fixed version published yet for guardrails-ai (pip). Pin to a known-safe version or switch to an alternative.
