Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/49953?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/49953?format=api", "purl": "pkg:pypi/ultralytics@8.3.41", "type": "pypi", "namespace": "", "name": "ultralytics", "version": "8.3.41", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.3.47", "latest_non_vulnerable_version": "8.3.47", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9690?format=api", "vulnerability_id": "VCID-s5xv-w8ne-nuf3", "summary": "A number of releases of ultralytics contained malicious crypto miner software.\nUltralytics has identified a supply chain attack\naffecting affecting multiple versions of the ultralytics package.\nThe compromised versions contained unauthorized code that\ndownloaded and executed cryptocurrency mining software\nwhen instantiating YOLO models.\nThis code was injected into the PyPI release artifacts and was not present\nin the public GitHub repository.", "references": [ { "reference_url": "https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" } ], "url": "https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection" }, { "reference_url": "https://github.com/ultralytics/ultralytics/issues/18027", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" } ], "url": "https://github.com/ultralytics/ultralytics/issues/18027" }, { "reference_url": "https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" } ], "url": "https://github.com/ultralytics/ultralytics/pull/18020#issuecomment-2525180194" }, { "reference_url": "https://github.com/ultralytics/ultralytics/pull/18052", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" } ], "url": "https://github.com/ultralytics/ultralytics/pull/18052" }, { "reference_url": "https://github.com/ultralytics/ultralytics/pull/18111", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" } ], "url": "https://github.com/ultralytics/ultralytics/pull/18111" }, { "reference_url": "https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" } ], "url": "https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48" }, { "reference_url": "https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" } ], "url": "https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49959?format=api", "purl": "pkg:pypi/ultralytics@8.3.47", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ultralytics@8.3.47" } ], "aliases": [ "PYSEC-2024-154" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5xv-w8ne-nuf3" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/ultralytics@8.3.41" }