← Back to the AI Dependency AtlasExact package identity dossier

cryptography

pypi:cryptography
pypi

This dossier links the stable identity pypi:cryptography to 7 exact observed versions across 8 public repositories.

pypipypi:cryptographyecosystem:name + exact version + evidence path

A package identity or provider interface in published code does not prove configuration, an account, procurement, data transfer or an API call.

ecosystem:name + exact version + evidence path
8repositories
9exact evidence rows
7exact versions
1reported license expression
6OSV records returned
Exact published evidence

Observed exact versions and registry metadata

Publication age and licenses come from deps.dev metadata. They are context—not a maintenance, legal or portability verdict.

Exact version42.0.804 Jun 2024
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 OR BSD-3-Clause
no verified publish attestation reported5 OSV records
Open exact source ↗
Exact version43.0.318 Oct 2024
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 OR BSD-3-Clause
verified publish attestation4 OSV records
Open exact source ↗
Exact version44.0.027 Nov 2024
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 OR BSD-3-Clause
verified publish attestation4 OSV records
Open exact source ↗
Exact version44.0.302 May 2025
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 OR BSD-3-Clause
verified publish attestation3 OSV records
Open exact source ↗
Exact version45.0.701 Sept 2025
Repositories
1
Occurrences
1
Reported licenses
Apache-2.0 OR BSD-3-Clause
verified publish attestation4 OSV records
Open exact source ↗
Exact version46.0.316 Oct 2025
Repositories
2
Occurrences
2
Reported licenses
Apache-2.0 OR BSD-3-Clause
verified publish attestation4 OSV records
Open exact source ↗
Exact version48.0.110 Jun 2026
Repositories
1
Occurrences
2
Reported licenses
Apache-2.0 OR BSD-3-Clause
verified publish attestationNo OSV record returned for this exact version
Open exact source ↗
Observed relations

Repositories carrying this identity

MUCGPTlandeshauptstadt-muenchen/mucgpt
48.0.12 Occurrences
kiva-llm-gatewaybaden-wuerttemberg/innenministerium/kiva.platform/kiva-llm-gateway
43.0.31 Occurrence
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
45.0.71 Occurrence
LLM Testframeworkuba-ki-lab/llm-testframework
44.0.31 Occurrence
Objection managementuba-ki-lab/objection-management
42.0.81 Occurrence
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
46.0.31 Occurrence
strahlenexpositionuba-ki-lab/strahlenexposition
44.0.01 Occurrence
Workshop Green LLM Usageuba-ki-lab/workshop-green-llm-usage
46.0.31 Occurrence
Exact published evidence

exact evidence rows

kiva-llm-gatewaybaden-wuerttemberg/innenministerium/kiva.platform/kiva-llm-gateway
pypi:cryptography@43.0.3poetry.lock
declaration relationship not reportednot marked as development-only
Open exact source ↗
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
pypi:cryptography@45.0.7uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
LLM Testframeworkuba-ki-lab/llm-testframework
pypi:cryptography@44.0.3uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
MUCGPTlandeshauptstadt-muenchen/mucgpt
pypi:cryptography@48.0.1mucgpt-assistant-service/uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
MUCGPTlandeshauptstadt-muenchen/mucgpt
pypi:cryptography@48.0.1mucgpt-core-service/uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Objection managementuba-ki-lab/objection-management
pypi:cryptography@42.0.8uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
pypi:cryptography@46.0.3uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
strahlenexpositionuba-ki-lab/strahlenexposition
pypi:cryptography@44.0.0sbom.json
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Workshop Green LLM Usageuba-ki-lab/workshop-green-llm-usage
pypi:cryptography@46.0.3uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
OSV

Related OSV records

GHSA-537c-gmf6-5ccf

Vulnerable OpenSSL included in cryptography wheels

7 repositories16 Jun 2026
GHSA-79v4-65xg-pq4g

Vulnerable OpenSSL included in cryptography wheels

3 repositories07 Jul 2026
GHSA-h4gh-qq45-vh27

pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

1 repository04 Feb 2026
GHSA-m959-cc7f-wv43

cryptography has incomplete DNS name constraint enforcement on peer names

7 repositories05 Jun 2026
GHSA-p423-j2cm-9vmq

Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs

3 repositories05 Jun 2026
GHSA-r6ph-v2qm-q3c2

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

7 repositories13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

Only exact npm and PyPI tuples are enriched. Reported SPDX expressions are metadata; no compatibility, obligation or legal conclusion is inferred.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): cryptography — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/paket/cryptography-de36c9c8/

Reading this dossier

Does package presence prove that a provider is used?
No. Even a direct interface declaration does not establish configuration, credentials, procurement, data transfer or an API call.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools