VulnerableCode Package Details - pkg:pypi/ultralytics@8.3.45

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/ultralytics@8.3.45

Essentials
History (2)

purl	pkg:pypi/ultralytics@8.3.45

Next non-vulnerable version	8.3.47
Latest non-vulnerable version	8.3.47
Risk	3.9

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-s5xv-w8ne-nuf3 Aliases: PYSEC-2024-154	A number of releases of ultralytics contained malicious crypto miner software. Ultralytics has identified a supply chain attack affecting affecting multiple versions of the ultralytics package. The compromised versions contained unauthorized code that downloaded and executed cryptocurrency mining software when instantiating YOLO models. This code was injected into the PyPI release artifacts and was not present in the public GitHub repository.	8.3.47 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T09:46:46.411399+00:00	PyPI Importer	Affected by	VCID-s5xv-w8ne-nuf3	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:38:45.728092+00:00	Pypa Importer	Affected by	VCID-s5xv-w8ne-nuf3	https://github.com/pypa/advisory-database/blob/main/vulns/ultralytics/PYSEC-2024-154.yaml	38.6.0