PkgRadar

PyPI · pypi.org

ultralytics

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 8.4.70

SeveritySignalEvidence
mediumPy Import Time Subprocesssubprocess call — process spawning. · ultralytics-8.4.70/ultralytics/cfg/__init__.py
highPy Runtime Dynamic Dangerous ImportDynamic __import__('sys') — reflection bypass for static checks. · ultralytics-8.4.70/ultralytics/engine/tuner.py
highPy Import Time Network CallNetwork call (urllib/requests/httpx/http.client) at install or import time. · ultralytics-8.4.70/ultralytics/hub/__init__.py
highPy Import Time Network CallNetwork call (urllib/requests/httpx/http.client) at install or import time. · ultralytics-8.4.70/ultralytics/hub/google/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
8.4.70High risk472026-06-17
8.4.69High risk472026-06-16
8.4.68High risk472026-06-15
8.4.67High risk472026-06-14
8.4.66High risk472026-06-11
8.4.65High risk472026-06-11
8.4.64High risk472026-06-10
8.4.63High risk472026-06-09
8.4.62High risk472026-06-08
8.4.61High risk472026-06-07
8.4.60High risk472026-06-01
8.4.59High risk472026-06-01
8.4.58High risk472026-05-31
8.4.57High risk472026-05-30
8.4.56High risk472026-05-30
8.4.55High risk472026-05-30

Block this in CI

PkgRadar gates ultralytics (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ultralytics==8.4.70
Start free — 25 scans / moView full evidence