← Back to the AI Dependency AtlasExact repository supply-chain dossier

LLM Questionnaire Benchmarking Framework

uba-ki-lab/llm-questionnaire-benchmarking-framework
pypi

This dossier retains 241 exact component occurrences from 1 published evidence files at one immutable repository commit.

opencode:107874e12ee9f3b0bproject ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
241exact component occurrences
241package identities
1evidence file
262OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathuv.locksha256:e0cfb7dbb1f83b9adb3c422816068eefba3a17e5146d084022722da579e14760
Format
uv-lock
Parser state
parsed
Resolved components
241
Open exact source ↗
Observed relations

Package identities at this commit

pypivLLMpypi:vllm
1 Occurrence0.10.1.1
Apache-2.039 OSV records returned
pypiTransformerspypi:transformers
1 Occurrence4.57.6
Apache-2.025 OSV records returned
pypiPyTorchpypi:torch
1 Occurrence2.7.1
BSD-3-Clause23 OSV records returned
pypiOpenAI SDKpypi:openai
1 Occurrence1.104.2
Apache-2.0
pypiHugging Face Tokenizerspypi:tokenizers
1 Occurrence0.22.0
non-standard
pypiscikit-learnpypi:scikit-learn
1 Occurrence1.7.1
BSD-3-Clause · non-standard
pypitiktokenpypi:tiktoken
1 Occurrence0.11.0
non-standard
pypiaiohttppypi:aiohttp
1 Occurrence3.12.15
Apache-2.0 · Apache-2.0 AND MIT30 OSV records returned
pypimlflowpypi:mlflow
1 Occurrence3.4.0
non-standard23 OSV records returned
pypipillowpypi:pillow
1 Occurrence11.3.0
HPND · MIT-CMU15 OSV records returned
pypiauthlibpypi:authlib
1 Occurrence1.6.4
BSD-3-Clause9 OSV records returned
pypifastmcppypi:fastmcp
1 Occurrence2.12.3
Apache-2.08 OSV records returned
pypipython-multipartpypi:python-multipart
1 Occurrence0.0.20
Apache-2.08 OSV records returned
pypistarlettepypi:starlette
1 Occurrence0.47.3
BSD-3-Clause8 OSV records returned
pypiurllib3pypi:urllib3
1 Occurrence2.5.0
MIT7 OSV records returned
pypicryptographypypi:cryptography
1 Occurrence45.0.7
Apache-2.0 OR BSD-3-Clause6 OSV records returned
pypiraypypi:ray
1 Occurrence2.49.1
Apache-2.06 OSV records returned
pypiwerkzeugpypi:werkzeug
1 Occurrence3.1.1
BSD-3-Clause · non-standard6 OSV records returned
pypigitpythonpypi:gitpython
1 Occurrence3.1.45
BSD-3-Clause5 OSV records returned
pypijinja2pypi:jinja2
1 Occurrence3.1.6
BSD-3-Clause · non-standard4 OSV records returned
pypicbor2pypi:cbor2
1 Occurrence5.7.0
MIT3 OSV records returned
pypimcppypi:mcp
1 Occurrence1.14.1
MIT3 OSV records returned
pypirequestspypi:requests
1 Occurrence2.32.5
Apache-2.03 OSV records returned
pypisetuptoolspypi:setuptools
1 Occurrence79.0.1
MIT3 OSV records returned
pypifilelockpypi:filelock
1 Occurrence3.19.1
MIT · Unlicense2 OSV records returned
pypimakopypi:mako
1 Occurrence1.3.10
MIT2 OSV records returned
pypimlxpypi:mlx
1 Occurrence0.29.0
MIT2 OSV records returned
pypiprotobufpypi:protobuf
1 Occurrence6.32.0
BSD-3-Clause2 OSV records returned
pypipyasn1pypi:pyasn1
1 Occurrence0.6.1
BSD-2-Clause2 OSV records returned
pypixgrammarpypi:xgrammar
1 Occurrence0.1.21
Apache-2.02 OSV records returned
pypicertifipypi:certifi
1 Occurrence2025.8.3
MPL-2.01 OSV record returned
pypiclickpypi:click
1 Occurrence8.2.1
BSD-3-Clause · non-standard1 OSV record returned
pypidiskcachepypi:diskcache
1 Occurrence5.6.3
Apache-2.01 OSV record returned
pypiflaskpypi:flask
1 Occurrence3.1.2
BSD-3-Clause · non-standard1 OSV record returned
pypifonttoolspypi:fonttools
1 Occurrence4.59.2
MIT1 OSV record returned
pypih11pypi:h11
1 Occurrence0.16.0
MIT1 OSV record returned
pypiidnapypi:idna
1 Occurrence3.10
BSD-3-Clause · non-standard1 OSV record returned
pypimsgpackpypi:msgpack
1 Occurrence1.1.1
Apache-2.01 OSV record returned
pypipyarrowpypi:pyarrow
1 Occurrence21.0.0
Apache-2.0 · non-standard1 OSV record returned
pypipydantic-settingspypi:pydantic-settings
1 Occurrence2.10.1
MIT1 OSV record returned
pypipygmentspypi:pygments
1 Occurrence2.19.2
BSD-2-Clause1 OSV record returned
pypipython-dotenvpypi:python-dotenv
1 Occurrence1.1.1
BSD-3-Clause1 OSV record returned
pypisentencepiecepypi:sentencepiece
1 Occurrence0.2.1
non-standard1 OSV record returned
pypisqlparsepypi:sqlparse
1 Occurrence0.5.3
non-standard1 OSV record returned
pypitqdmpypi:tqdm
1 Occurrence4.67.1
MIT AND MPL-2.01 OSV record returned
pypivirtualenvpypi:virtualenv
1 Occurrence20.34.0
MIT1 OSV record returned
pypiaiohappyeyeballspypi:aiohappyeyeballs
1 Occurrence2.6.1
PSF-2.0
pypiaiohttp-corspypi:aiohttp-cors
1 Occurrence0.8.1
Apache-2.0
pypiaiosignalpypi:aiosignal
1 Occurrence1.4.0
Apache-2.0
pypialembicpypi:alembic
1 Occurrence1.16.5
MIT
pypiannotated-typespypi:annotated-types
1 Occurrence0.7.0
MIT
pypiantlr4-python3-runtimepypi:antlr4-python3-runtime
1 Occurrence4.9.3
non-standard
pypianyiopypi:anyio
1 Occurrence4.10.0
MIT
pypiastorpypi:astor
1 Occurrence0.8.1
BSD-3-Clause
pypiattrspypi:attrs
1 Occurrence25.3.0
MIT
pypiblake3pypi:blake3
1 Occurrence1.0.5
Apache-2.0 OR CC0-1.0
pypiblinkerpypi:blinker
1 Occurrence1.9.0
MIT
pypicachetoolspypi:cachetools
1 Occurrence5.5.2
MIT
pypicffipypi:cffi
1 Occurrence1.17.1
MIT
pypicharset-normalizerpypi:charset-normalizer
1 Occurrence3.4.3
MIT
pypicloudpicklepypi:cloudpickle
1 Occurrence3.1.1
BSD-3-Clause
pypicoloramapypi:colorama
1 Occurrence0.4.6
non-standard
pypicolorfulpypi:colorful
1 Occurrence0.5.7
MIT
pypicompressed-tensorspypi:compressed-tensors
1 Occurrence0.10.2
Apache-2.0
pypicontourpypypi:contourpy
1 Occurrence1.3.3
non-standard
pypicupy-cuda12xpypi:cupy-cuda12x
1 Occurrence13.6.0
MIT
pypicyclerpypi:cycler
1 Occurrence0.12.1
non-standard
pypicycloptspypi:cyclopts
1 Occurrence3.24.0
Apache-2.0
pypidatabricks-sdkpypi:databricks-sdk
1 Occurrence0.65.0
non-standard
pypidepyfpypi:depyf
1 Occurrence0.19.0
MIT
pypidillpypi:dill
1 Occurrence0.4.0
BSD-3-Clause
pypidistlibpypi:distlib
1 Occurrence0.4.0
PSF-2.0
pypidistropypi:distro
1 Occurrence1.9.0
Apache-2.0
pypidnspythonpypi:dnspython
1 Occurrence2.7.0
ISC
pypidockerpypi:docker
1 Occurrence7.1.0
Apache-2.0
pypidocstring-parserpypi:docstring-parser
1 Occurrence0.17.0
MIT
pypidocutilspypi:docutils
1 Occurrence0.22.1
non-standard
pypieinopspypi:einops
1 Occurrence0.8.1
MIT
pypiemail-validatorpypi:email-validator
1 Occurrence2.3.0
Unlicense
pypiet-xmlfilepypi:et-xmlfile
1 Occurrence2.0.0
MIT
pypiexceptiongrouppypi:exceptiongroup
1 Occurrence1.3.0
MIT
pypifastapipypi:fastapi
1 Occurrence0.116.1
MIT
pypifastapi-clipypi:fastapi-cli
1 Occurrence0.0.10
MIT
pypifastapi-cloud-clipypi:fastapi-cloud-cli
1 Occurrence0.1.5
MIT
pypifastrlockpypi:fastrlock
1 Occurrence0.8.3
non-standard
pypifrozenlistpypi:frozenlist
1 Occurrence1.7.0
Apache-2.0
pypifsspecpypi:fsspec
1 Occurrence2025.9.0
BSD-3-Clause · non-standard
pypiggufpypi:gguf
1 Occurrence0.17.1
MIT
pypigitdbpypi:gitdb
1 Occurrence4.0.12
non-standard
pypigoogle-api-corepypi:google-api-core
1 Occurrence2.25.1
Apache-2.0
pypigoogle-authpypi:google-auth
1 Occurrence2.40.3
Apache-2.0
pypigoogleapis-common-protospypi:googleapis-common-protos
1 Occurrence1.70.0
Apache-2.0
pypigraphenepypi:graphene
1 Occurrence3.4.3
MIT
pypigraphql-corepypi:graphql-core
1 Occurrence3.2.6
MIT
pypigraphql-relaypypi:graphql-relay
1 Occurrence3.2.0
MIT
pypigreenletpypi:greenlet
1 Occurrence3.2.4
MIT · MIT AND PSF-2.0 · MIT AND Python-2.0
pypigrpciopypi:grpcio
1 Occurrence1.74.0
Apache-2.0
pypigunicornpypi:gunicorn
1 Occurrence23.0.0
MIT
pypihf-xetpypi:hf-xet
1 Occurrence1.1.9
Apache-2.0
pypihttpcorepypi:httpcore
1 Occurrence1.0.9
BSD-3-Clause
pypihttptoolspypi:httptools
1 Occurrence0.6.4
MIT
pypihttpxpypi:httpx
1 Occurrence0.28.1
BSD-3-Clause
pypihttpx-ssepypi:httpx-sse
1 Occurrence0.4.1
MIT
pypihuggingface-hubpypi:huggingface-hub
1 Occurrence0.34.4
Apache-2.0 · non-standard
pypihydra-corepypi:hydra-core
1 Occurrence1.3.2
MIT
pypiimportlib-metadatapypi:importlib-metadata
1 Occurrence8.7.0
Apache-2.0 · non-standard
pypiinquirerpypypi:inquirerpy
1 Occurrence0.3.4
MIT
pypiinteregularpypi:interegular
1 Occurrence0.3.3
MIT
pypiisodatepypi:isodate
1 Occurrence0.7.2
non-standard
pypiitsdangerouspypi:itsdangerous
1 Occurrence2.2.0
BSD-3-Clause · non-standard
pypijiterpypi:jiter
1 Occurrence0.10.0
MIT
pypijoblibpypi:joblib
1 Occurrence1.5.2
BSD-3-Clause
pypijsonschemapypi:jsonschema
1 Occurrence4.25.1
MIT
pypijsonschema-pathpypi:jsonschema-path
1 Occurrence0.3.4
Apache-2.0
pypijsonschema-specificationspypi:jsonschema-specifications
1 Occurrence2025.4.1
MIT
pypikiwisolverpypi:kiwisolver
1 Occurrence1.4.9
non-standard
pypilarkpypi:lark
1 Occurrence1.2.2
MIT
pypilazy-object-proxypypi:lazy-object-proxy
1 Occurrence1.12.0
BSD-2-Clause
pypillguidancepypi:llguidance
1 Occurrence0.7.30
MIT
pypillvmlitepypi:llvmlite
1 Occurrence0.44.0
non-standard

This page displays 120 of 241 ordered rows. The machine-readable dossier retains the complete exact projection.

OSV

Related OSV records

GHSA-248v-346w-9cwc

Certifi removes GLOBALTRUST root certificate

1 repository10 Jun 2026
GHSA-27jp-wm6q-gp25

sqlparse: formatting list of tuples leads to denial of service

2 repositories19 Feb 2026
GHSA-29pf-2h5f-8g72

HuggingFace transformers vulnerable to remote code execution

8 repositories13 Jul 2026
GHSA-29vq-49wr-vm6x

Werkzeug safe_join() allows Windows special device names

6 repositories13 Jul 2026
GHSA-2c2j-9gv5-cj73

Starlette has possible denial-of-service vector when parsing large files in multipart forms

4 repositories07 Jul 2026
GHSA-2fqr-mr3j-6wp8

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

9 repositories13 Jul 2026
GHSA-2g68-c3qc-8985

Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain

1 repository07 Jul 2026
GHSA-2h4p-vjrc-8xpq

Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

5 repositories13 Jul 2026
GHSA-2pc9-4j83-qjmr

vLLM affected by RCE via auto_map dynamic module loading during model initialization

2 repositories17 Jul 2026
GHSA-2vrm-gr82-f7m5

AIOHTTP has CRLF injection through multipart part content type header construction

9 repositories13 Jul 2026
GHSA-2xpw-w6gg-jr37

urllib3 streaming API improperly handles highly compressed data

13 repositories07 Jul 2026
GHSA-3749-ghw9-m3mg

PyTorch susceptible to local Denial of Service

3 repositories10 Jun 2026
GHSA-37mw-44qp-f5jm

Transformers is vulnerable to ReDoS attack through its DonutProcessor class

2 repositories07 Jul 2026
GHSA-38jv-5279-wg99

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

13 repositories07 Jul 2026
GHSA-38vq-g6vr-w8wf

Sentencepiece has a a heap overflow issue

1 repository07 Jul 2026
GHSA-3c37-wwvx-h642

cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

2 repositories13 Jul 2026
GHSA-3f6c-7fw2-ppm4

vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class

2 repositories07 Jul 2026
GHSA-3mwp-wvh9-7528

vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server

3 repositories17 Jul 2026
GHSA-3wq7-rqq7-wx6j

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

9 repositories13 Jul 2026
GHSA-3ww4-5jv9-j5gm

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

3 repositories17 Jul 2026
GHSA-42h5-h8qh-vv9v

MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem

3 repositories13 Jul 2026
GHSA-46r5-x6jq-v8g6

MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint

3 repositories10 Jun 2026
GHSA-48p4-8xcf-vxj5

urllib3 does not control redirects in browsers and Node.js

7 repositories07 Jul 2026
GHSA-4fvr-rgm6-gqmc

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

9 repositories13 Jul 2026
GHSA-4m7w-qmgq-4wj5

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

9 repositories27 Jun 2026
GHSA-4qjh-9fv9-r85r

Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching

1 repository04 Feb 2026
GHSA-4r2x-xpjr-7cvv

vLLM has RCE In Video Processing

3 repositories17 Jul 2026
GHSA-4w7r-h757-3r74

Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer

2 repositories07 Jul 2026
GHSA-4x5p-f36r-mxxr

mlflow Creates of Temporary File in Directory with Insecure Permissions

1 repository07 Jul 2026
GHSA-4xgf-cpjx-pc3j

pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

2 repositories08 Jul 2026
GHSA-5239-wwwm-4pmq

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

13 repositories13 Jul 2026
GHSA-537c-gmf6-5ccf

Vulnerable OpenSSL included in cryptography wheels

7 repositories16 Jun 2026
GHSA-53q9-r3pm-6pq6

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

1 repository04 Feb 2026
GHSA-54jq-c3m8-4m76

AIOHTTP vulnerable to brute-force leak of internal static file path components

7 repositories07 Jul 2026
GHSA-597g-3phw-6986

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

6 repositories07 Jul 2026
GHSA-59g5-xgcq-4qw3

Denial of service (DoS) via deformation `multipart/form-data` boundary

1 repository07 Jul 2026
GHSA-59p9-h35m-wg4g

Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer

2 repositories07 Jul 2026
GHSA-5cmr-4px5-23pc

XGrammar affected by Denial of Service by infinite recursion grammars

1 repository07 Jul 2026
GHSA-5h2m-4q8j-pqpj

FastMCP OAuth Proxy token reuse across MCP servers

1 repository13 Jul 2026
GHSA-5jv2-g5wq-cmr4

vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

3 repositories17 Jul 2026
GHSA-5qmp-p3c4-72qj

MLflow: Deterministic sampling in dataset digest enables predictable collisions

3 repositories15 Jul 2026
GHSA-5rjg-fvgr-3xxf

setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

2 repositories11 May 2026
GHSA-5rvq-cxj2-64vf

python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service

5 repositories13 Jul 2026
GHSA-5xmw-vc9v-4wf2

Pillow has a heap buffer overflow with nested list coordinates

10 repositories13 Jul 2026
GHSA-63hf-3vf5-4wqf

AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

9 repositories16 Jul 2026
GHSA-63hw-fmq6-xxg2

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

9 repositories13 Jul 2026
GHSA-63vm-454h-vhhq

pyasn1 has a DoS vulnerability in decoder

7 repositories07 Jul 2026
GHSA-65h7-c7c4-mghx

MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability

3 repositories13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): LLM Questionnaire Benchmarking Framework — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-10787/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools