Supply Chain Incident

Ultralytics PyPI package compromise

The ultralytics Python project suffered a supply-chain attack through compromised GitHub Actions workflows and PyPI publishing, resulting in malicious package releases.

ConfidenceHigh

Evidence LevelVendor

Attack StageCi Cd Compromise

Source Artifact DivergenceNo

Affected Packages

ultralytics

Affected Releases

No structured records.

Repositories

ultralytics/ultralytics

Organizations

Ultralytics

Maintainers

No structured records.

Threat Actors

No structured records.

Campaigns

No structured records.

Build Systems

GitHub Actions

Distribution Channels

PyPI

Compromised Accounts

Ultralytics PyPI publishing token

Connected Entities

GitHub Actions Build System
PyPI Distribution Channel
ultralytics Package
Ultralytics Organization
Ultralytics PyPI publishing token Compromised Account
ultralytics/ultralytics Repository

References

Supply-chain attack analysis: Ultralytics PyPI Blog · 2024-12-11