← Back to the AI Dependency AtlasExact package identity dossier

werkzeug

pypi:werkzeug
pypi

This dossier links the stable identity pypi:werkzeug to 5 exact observed versions across 6 public repositories.

pypipypi:werkzeugecosystem:name + exact version + evidence path

A package identity or provider interface in published code does not prove configuration, an account, procurement, data transfer or an API call.

ecosystem:name + exact version + evidence path
6repositories
7exact evidence rows
5exact versions
2reported license expressions
6OSV records returned
Exact published evidence

Observed exact versions and registry metadata

Publication age and licenses come from deps.dev metadata. They are context—not a maintenance, legal or portability verdict.

Exact version3.0.124 Oct 2023
Repositories
1
Occurrences
1
Reported licenses
non-standard
no verified publish attestation reported6 OSV records
Open exact source ↗
Exact version3.0.625 Oct 2024
Repositories
1
Occurrences
2
Reported licenses
non-standard
no verified publish attestation reported3 OSV records
Open exact source ↗
Exact version3.1.101 Nov 2024
Repositories
1
Occurrences
1
Reported licenses
non-standard
no verified publish attestation reported3 OSV records
Open exact source ↗
Exact version3.1.308 Nov 2024
Repositories
2
Occurrences
2
Reported licenses
non-standard
no verified publish attestation reported3 OSV records
Open exact source ↗
Exact version3.1.508 Jan 2026
Repositories
1
Occurrences
1
Reported licenses
BSD-3-Clause
verified publish attestation1 OSV record
Open exact source ↗
Observed relations

Repositories carrying this identity

strahlenexpositionuba-ki-lab/strahlenexposition
3.0.62 Occurrences
Energieautarkes Wohnquartier - Backendenergieautarkes-wohnquartier/backend
3.1.31 Occurrence
AIiqsh/collaboration-online-board/ai
3.0.11 Occurrence
GSA Extractionuba-ki-lab/gsa-extraction
3.1.31 Occurrence
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
3.1.11 Occurrence
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
3.1.51 Occurrence
Exact published evidence

exact evidence rows

AIiqsh/collaboration-online-board/ai
pypi:werkzeug@3.0.1SPDX_v2.0.0.yml
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Energieautarkes Wohnquartier - Backendenergieautarkes-wohnquartier/backend
pypi:werkzeug@3.1.3poetry.lock
declaration relationship not reportednot marked as development-only
Open exact source ↗
GSA Extractionuba-ki-lab/gsa-extraction
pypi:werkzeug@3.1.3uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
LLM Questionnaire Benchmarking Frameworkuba-ki-lab/llm-questionnaire-benchmarking-framework
pypi:werkzeug@3.1.1uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
Ressource Efficient Computer Visionuba-ki-lab/ressource-efficient-computer-vision
pypi:werkzeug@3.1.5uv.lock
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
strahlenexpositionuba-ki-lab/strahlenexposition
pypi:werkzeug@3.0.6poetry.lock
declaration relationship not reportednot marked as development-only
Open exact source ↗
strahlenexpositionuba-ki-lab/strahlenexposition
pypi:werkzeug@3.0.6sbom.json
declaration relationship not reporteddevelopment scope not reported
Open exact source ↗
OSV

Related OSV records

GHSA-29vq-49wr-vm6x

Werkzeug safe_join() allows Windows special device names

6 repositories13 Jul 2026
GHSA-2g68-c3qc-8985

Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain

1 repository07 Jul 2026
GHSA-87hc-h4r5-73f7

Werkzeug safe_join() allows Windows special device names with compound extensions

5 repositories07 Jul 2026
GHSA-f9vj-2wh5-fj8j

Werkzeug safe_join not safe on Windows

1 repository07 Jul 2026
GHSA-hgf8-39gv-g3f2

Werkzeug safe_join() allows Windows special device names

5 repositories07 Jul 2026
GHSA-q34m-jh98-gwm2

Werkzeug possible resource exhaustion when parsing file data in forms

1 repository13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

Only exact npm and PyPI tuples are enriched. Reported SPDX expressions are metadata; no compatibility, obligation or legal conclusion is inferred.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): werkzeug — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/paket/werkzeug-b18d5b02/

Reading this dossier

Does package presence prove that a provider is used?
No. Even a direct interface declaration does not establish configuration, credentials, procurement, data transfer or an API call.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools