← Back to the AI Dependency AtlasExact package identity dossier

PyTorch

pypi:torch
pypi

This dossier links the stable identity pypi:torch to 9 exact observed versions across 10 public repositories.

pypipypi:torchecosystem:name + exact version + evidence path

A package identity or provider interface in published code does not prove configuration, an account, procurement, data transfer or an API call.

ecosystem:name + exact version + evidence path
10repositories
15exact evidence rows
9exact versions
1reported license expression
23OSV records returned
Exact published evidence

Observed exact versions and registry metadata

Publication age and licenses come from deps.dev metadata. They are context—not a maintenance, legal or portability verdict.

Exact version2.5.129 Oct 2024
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
no verified publish attestation reported19 OSV records
Exact version2.6.029 Jan 2025
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
no verified publish attestation reported22 OSV records
Exact version2.7.023 Apr 2025
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
no verified publish attestation reported14 OSV records
Exact version2.7.104 Jun 2025
Repositories
3
Occurrences
4
Reported licenses
BSD-3-Clause
no verified publish attestation reported9 OSV records
Exact version2.7.1+cpuNot reported
Repositories
1
Occurrences
1
Reported licenses
Not reported
no verified publish attestation reported9 OSV records
Exact version2.8.006 Aug 2025
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
no verified publish attestation reported8 OSV records
Open exact source ↗
Exact version2.9.112 Nov 2025
Repositories
2
Occurrences
2
Reported licenses
BSD-3-Clause
no verified publish attestation reported4 OSV records
Open exact source ↗
Exact version2.9.1+cpuNot reported
Repositories
1
Occurrences
3
Reported licenses
Not reported
no verified publish attestation reported4 OSV records
Exact version2.10.021 Jan 2026
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
no verified publish attestation reported2 OSV records
Open exact source ↗
Observed relations

Repositories carrying this identity

F13-RAGlandeshauptstadt-muenchen/f-13-rag
2.7.1 · 2.9.1+cpu5 Occurrences
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
2.7.1+cpu · 2.9.12 Occurrences
Coding Agent Usage Simulationuba-ki-lab/coding-agent-usage-simulation
2.8.01 Occurrence
density-mapsuba-ki-lab/density-maps
2.10.01 Occurrence
GSA Extractionuba-ki-lab/gsa-extraction
2.7.11 Occurrence
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
2.7.11 Occurrence
LLM Testframeworkuba-ki-lab/llm-testframework
2.6.01 Occurrence
Objection managementuba-ki-lab/objection-management
2.5.11 Occurrence
photovoltaic_systemsuba-ki-lab/photovoltaic_systems
2.7.01 Occurrence
Retrieval Evaluationuba-ki-lab/retrieval-evaluation
2.9.11 Occurrence
Exact published evidence

exact evidence rows

Coding Agent Usage Simulationuba-ki-lab/coding-agent-usage-simulation
pypi:torch@2.8.0uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
density-mapsuba-ki-lab/density-maps
pypi:torch@2.10.0uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
F13-RAGlandeshauptstadt-muenchen/f-13-rag
pypi:torch@2.7.1requirements-gpu.in
direct declarationnot marked as development-only
Open exact source ↗
F13-RAGlandeshauptstadt-muenchen/f-13-rag
pypi:torch@2.7.1requirements-gpu.txt
generated or transitive declarationnot marked as development-only
Open exact source ↗
F13-RAGlandeshauptstadt-muenchen/f-13-rag
pypi:torch@2.9.1+cpurequirements-dev.txt
generated or transitive declarationnot marked as development-only
Open exact source ↗
F13-RAGlandeshauptstadt-muenchen/f-13-rag
pypi:torch@2.9.1+cpurequirements-testing.txt
generated or transitive declarationnot marked as development-only
Open exact source ↗
F13-RAGlandeshauptstadt-muenchen/f-13-rag
pypi:torch@2.9.1+cpurequirements.txt
generated or transitive declarationnot marked as development-only
Open exact source ↗
GSA Extractionuba-ki-lab/gsa-extraction
pypi:torch@2.7.1uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
pypi:torch@2.7.1uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
LLM Testframeworkuba-ki-lab/llm-testframework
pypi:torch@2.6.0uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Objection managementuba-ki-lab/objection-management
pypi:torch@2.5.1uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
photovoltaic_systemsuba-ki-lab/photovoltaic_systems
pypi:torch@2.7.0sbom.json
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
pypi:torch@2.7.1+cpupyproject.toml
direct declarationdevelopment dependency
Open exact source ↗
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
pypi:torch@2.9.1uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Retrieval Evaluationuba-ki-lab/retrieval-evaluation
pypi:torch@2.9.1uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
OSV

Related OSV records

GHSA-3749-ghw9-m3mg

PyTorch susceptible to local Denial of Service

3 repositories10 Jun 2026
GHSA-53q9-r3pm-6pq6

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

1 repository04 Feb 2026
GHSA-887c-mr87-cxwp

PyTorch Improper Resource Shutdown or Release vulnerability

7 repositories14 Jul 2026
GHSA-c678-jfcj-6jmf

PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument

2 repositories09 Jun 2026
GHSA-f4hp-rmr7-r7v8

PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function

2 repositories10 Jun 2026
GHSA-qfhq-4f3w-5fph

PyTorch is vulnerable to memory corruption through its torch.lstm_cell function

9 repositories10 Jun 2026
GHSA-rrmf-rvhw-rf47

PyTorch is vulnerable to memory corruption through its torch.jit.script function

10 repositories17 Jul 2026
GHSA-vgrw-7cvw-pwgx

PyTorch is vulnerable to memory corruption through its unpack_sequence function

8 repositories10 Jun 2026
GHSA-x3gm-94wq-g975

PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module

2 repositories10 Jun 2026
PYSEC-2025-198

Not reported

2 repositories20 May 2026
PYSEC-2025-199

Not reported

1 repository20 May 2026
PYSEC-2025-200

Not reported

1 repository20 May 2026
PYSEC-2025-201

Not reported

1 repository20 May 2026
PYSEC-2025-202

Not reported

1 repository20 May 2026
PYSEC-2025-203

Not reported

8 repositories20 May 2026
PYSEC-2025-204

Not reported

8 repositories20 May 2026
PYSEC-2025-205

Not reported

3 repositories20 May 2026
PYSEC-2025-206

Not reported

8 repositories20 May 2026
PYSEC-2025-207

Not reported

3 repositories20 May 2026
PYSEC-2025-208

Not reported

3 repositories20 May 2026
PYSEC-2025-209

Not reported

3 repositories20 May 2026
PYSEC-2026-139

Not reported

10 repositories21 May 2026
PYSEC-2026-2286

Not reported

9 repositories13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

Only exact npm and PyPI tuples are enriched. Reported SPDX expressions are metadata; no compatibility, obligation or legal conclusion is inferred.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): PyTorch — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/paket/torch-47a5352a/

Reading this dossier

Does package presence prove that a provider is used?
No. Even a direct interface declaration does not establish configuration, credentials, procurement, data transfer or an API call.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools