uba-ki-lab/ressource-efficient-computer-visionThis dossier retains 244 exact component occurrences from 3 published evidence files at one immutable repository commit.
Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.
project ID + commit SHA + exact evidence pathEvery file remains tied to the observed commit. A parse error stays visible and never becomes a zero.
sha256:5ae12d5615c84d40c25d23a8c2e2306ea5f3f1f75a14a27e1c36426ce966c99fsha256:e2f86442aaca182ff71abf8a0d916c515193ed063af29d024bd5365c66c3aa2cpypi:transformers4.57.425 OSV records returnedpypi:torch2.7.1+cpu · 2.9.123 OSV records returnedpypi:codecarbon3.2.1pypi:tokenizers0.22.2pypi:opencv-python4.11.0.86pypi:scikit-learn1.8.0pypi:ultralytics8.3.252pypi:mlflow3.8.123 OSV records returnedpypi:pillow12.1.015 OSV records returnedpypi:tornado6.5.410 OSV records returnedpypi:starlette0.50.08 OSV records returnedpypi:urllib32.6.37 OSV records returnedpypi:cryptography46.0.36 OSV records returnedpypi:werkzeug3.1.56 OSV records returnedpypi:flask-cors6.0.25 OSV records returnedpypi:gitpython3.1.465 OSV records returnedpypi:jinja23.1.64 OSV records returnedpypi:requests2.32.53 OSV records returnedpypi:setuptools80.9.03 OSV records returnedpypi:filelock3.20.32 OSV records returnedpypi:mako1.3.102 OSV records returnedpypi:protobuf6.33.42 OSV records returnedpypi:pyasn10.6.12 OSV records returnedpypi:streamlit1.55.02 OSV records returnedpypi:certifi2026.1.41 OSV record returnedpypi:click8.3.11 OSV record returnedpypi:flask3.1.21 OSV record returnedpypi:fonttools4.61.11 OSV record returnedpypi:h110.16.01 OSV record returnedpypi:idna3.111 OSV record returnedpypi:jupyter-core5.9.11 OSV record returnedpypi:jwcrypto1.5.61 OSV record returnedpypi:marimo0.23.41 OSV record returnedpypi:markdown3.101 OSV record returnedpypi:pyarrow22.0.01 OSV record returnedpypi:pygments2.19.21 OSV record returnedpypi:pymdown-extensions10.21.21 OSV record returnedpypi:pytest9.0.21 OSV record returnedpypi:python-dotenv1.2.11 OSV record returnedpypi:sqlparse0.5.51 OSV record returnedpypi:tqdm4.67.11 OSV record returnedpypi:absl-py2.3.1pypi:addict2.4.0pypi:albucore0.0.24pypi:albumentations2.0.8pypi:alembic1.18.0pypi:altair6.0.0pypi:annotated-doc0.0.4pypi:annotated-types0.7.0pypi:antlr4-python3-runtime4.9.3pypi:anyio4.12.1pypi:appnope0.1.4pypi:arrow1.4.0pypi:asttokens3.0.1pypi:attrs25.4.0pypi:autograd1.8.0pypi:blinker1.9.0pypi:cachetools6.2.4pypi:cffi2.0.0pypi:charset-normalizer3.4.4pypi:cloudpickle3.1.2pypi:colorama0.4.6pypi:colorlog6.10.1pypi:comm0.2.3pypi:contourpy1.3.3pypi:cycler0.12.1pypi:databricks-sdk0.77.0pypi:debugpy1.8.19pypi:decorator5.2.1pypi:docker7.1.0pypi:docutils0.22.4pypi:escnn1.0.11pypi:executing2.2.1pypi:fastapi0.128.0pypi:fief-client0.20.0pypi:fsspec2026.1.0pypi:gitdb4.0.12pypi:google-auth2.47.0pypi:graphene3.4.3pypi:graphql-core3.2.7pypi:graphql-relay3.2.0pypi:greenlet3.3.0pypi:groundingdino-py0.4.0pypi:grpcio1.76.0pypi:gunicorn23.0.0pypi:hf-xet1.2.0pypi:httpcore1.0.9pypi:httpx0.27.2pypi:huey2.6.0pypi:huggingface-hub0.36.0pypi:hydra-core1.3.2pypi:imageio2.37.2pypi:importlib-metadata8.7.1pypi:iniconfig2.3.0pypi:ipykernel7.1.0pypi:ipython9.9.0pypi:ipython-pygments-lexers1.1.1pypi:ipywidgets8.1.8pypi:itsdangerous2.2.0pypi:jedi0.19.2pypi:joblib1.5.3pypi:jsonschema4.26.0pypi:jsonschema-specifications2025.9.1pypi:jupyter-client8.8.0pypi:jupyterlab-widgets3.0.16pypi:jwt1.4.0pypi:kiwisolver1.4.9pypi:lazy-loader0.4pypi:lie-learn0.0.2pypi:lightning-utilities0.15.2pypi:loro1.10.3pypi:markdown-it-py4.0.0pypi:markupsafe3.0.3pypi:matplotlib3.10.8pypi:matplotlib-inline0.2.1pypi:mdurl0.1.2pypi:mlflow-skinny3.8.1pypi:mlflow-tracing3.8.1pypi:mpmath1.3.0pypi:msgspec0.21.1This page displays 120 of 227 ordered rows. The machine-readable dossier retains the complete exact projection.
Certifi removes GLOBALTRUST root certificate
10 Jun 2026sqlparse: formatting list of tuples leads to denial of service
19 Feb 2026HuggingFace transformers vulnerable to remote code execution
13 Jul 2026Werkzeug safe_join() allows Windows special device names
13 Jul 2026Starlette has possible denial-of-service vector when parsing large files in multipart forms
07 Jul 2026Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
07 Jul 2026Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
13 Jul 2026urllib3 streaming API improperly handles highly compressed data
07 Jul 2026Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
07 Jul 2026PyTorch susceptible to local Denial of Service
10 Jun 2026Transformers is vulnerable to ReDoS attack through its DonutProcessor class
07 Jul 2026Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
07 Jul 2026Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient
13 Jul 2026MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
13 Jul 2026Flask-CORS vulnerable to Improper Handling of Case Sensitivity
07 Jul 2026MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
10 Jun 2026urllib3 does not control redirects in browsers and Node.js
07 Jul 2026Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
07 Jul 2026mlflow Creates of Temporary File in Directory with Insecure Permissions
07 Jul 2026Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching
13 Jul 2026Vulnerable OpenSSL included in cryptography wheels
16 Jun 2026PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
04 Feb 2026Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
07 Jul 2026MLflow: Deterministic sampling in dataset digest enables predictable collisions
15 Jul 2026setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
11 May 2026Python-Markdown has an Uncaught Exception
10 Jun 2026Pillow has a heap buffer overflow with nested list coordinates
13 Jul 2026Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path
13 Jul 2026pyasn1 has a DoS vulnerability in decoder
07 Jul 2026MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability
13 Jul 2026Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
08 Jul 2026Flask session does not add `Vary: Cookie` header when accessed in some ways
13 Jul 2026HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class
13 Jul 2026Transformers Regular Expression Denial of Service (ReDoS) vulnerability
07 Jul 2026pytest has vulnerable tmpdir handling
07 Jul 2026GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository
13 Jul 2026MLflow: unauthenticated access to certain FastAPI routes
13 Jul 2026fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
07 Jul 2026Tornado has incomplete validation of cookie attributes
13 Jul 2026Vulnerable OpenSSL included in cryptography wheels
07 Jul 2026Tornado vulnerable to excessive logging caused by malformed multipart form data
07 Jul 2026Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
07 Jul 2026protobuf affected by a JSON recursion depth bypass
07 Jul 2026Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
13 Jul 2026mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization
01 Jul 2026Flask-CORS improper regex path matching vulnerability
07 Jul 2026Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS
27 Jun 2026flask-cors vulnerable to log injection when the log level is set to debug
10 Jun 2026The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): Ressource Efficient Computer Vision — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-10775/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.