Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/ultralytics@8.3.47
purl pkg:pypi/ultralytics@8.3.47
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-s5xv-w8ne-nuf3 A number of releases of ultralytics contained malicious crypto miner software. Ultralytics has identified a supply chain attack affecting affecting multiple versions of the ultralytics package. The compromised versions contained unauthorized code that downloaded and executed cryptocurrency mining software when instantiating YOLO models. This code was injected into the PyPI release artifacts and was not present in the public GitHub repository. PYSEC-2024-154

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T09:46:46.415157+00:00 PyPI Importer Fixing VCID-s5xv-w8ne-nuf3 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-30T20:38:45.738039+00:00 Pypa Importer Fixing VCID-s5xv-w8ne-nuf3 https://github.com/pypa/advisory-database/blob/main/vulns/ultralytics/PYSEC-2024-154.yaml 38.6.0