uba-ki-lab/strahlenexpositionThis dossier retains 324 exact component occurrences from 2 published evidence files at one immutable repository commit.
Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.
project ID + commit SHA + exact evidence pathEvery file remains tied to the observed commit. A parse error stays visible and never becomes a zero.
sha256:c489b7b61f52a098139ff30c50edcca0e32753b4b014f22e0b51d2e97c950433sha256:4352d1512c073ad9072f4876774e7e60b4d7287e992b698284e6e3054e972883pypi:scikit-learn1.6.1pypi:mistune3.1.316 OSV records returnedpypi:pillow11.2.115 OSV records returnedpypi:tornado6.4.210 OSV records returnedpypi:jupyter-server2.15.07 OSV records returnedpypi:urllib32.4.07 OSV records returnedpypi:cryptography44.0.06 OSV records returnedpypi:pip22.0.26 OSV records returnedpypi:werkzeug3.0.66 OSV records returnedpypi:jupyterlab4.4.05 OSV records returnedpypi:jinja23.1.64 OSV records returnedpypi:nbconvert7.16.63 OSV records returnedpypi:notebook7.0.73 OSV records returnedpypi:requests2.32.33 OSV records returnedpypi:setuptools80.0.13 OSV records returnedpypi:bleach6.2.02 OSV records returnedpypi:dulwich0.22.72 OSV records returnedpypi:filelock3.18.02 OSV records returnedpypi:poetry2.0.12 OSV records returnedpypi:soupsieve2.62 OSV records returnedpypi:weasyprint64.12 OSV records returnedpypi:brotli1.1.01 OSV record returnedpypi:certifi2025.4.261 OSV record returnedpypi:click8.1.81 OSV record returnedpypi:flask3.0.31 OSV record returnedpypi:fonttools4.57.01 OSV record returnedpypi:h110.14.01 OSV record returnedpypi:idna3.101 OSV record returnedpypi:jaraco-context6.0.11 OSV record returnedpypi:jupyter-core5.7.21 OSV record returnedpypi:lxml5.4.01 OSV record returnedpypi:markdown3.81 OSV record returnedpypi:msgpack1.1.01 OSV record returnedpypi:pyarrow20.0.01 OSV record returnedpypi:pygments2.19.11 OSV record returnedpypi:pytest7.4.41 OSV record returnedpypi:virtualenv20.30.01 OSV record returnedpypi:accessible-pygments0.0.5pypi:adjusttext1.3.0pypi:alabaster1.0.0pypi:anyio4.9.0pypi:argon2-cffi23.1.0pypi:argon2-cffi-bindings21.2.0pypi:arrow1.3.0pypi:asttokens3.0.0pypi:async-lru2.0.5pypi:attrs25.3.0pypi:babel2.17.0pypi:backports-tarfile1.2.0pypi:beautifulsoup44.13.3pypi:blinker1.9.0pypi:boolean-py5.0pypi:brotlicffi1.1.0.0pypi:build1.2.2.post1pypi:cachecontrol0.14.2pypi:cffi1.17.1pypi:cfgv3.4.0pypi:chardet5.2.0pypi:charset-normalizer3.4.1pypi:cleo2.1.0pypi:colorama0.4.6pypi:comm0.2.2pypi:contourpy1.3.2pypi:coverage7.8.0pypi:crashtest0.4.1pypi:cssselect20.8.0pypi:cycler0.12.1pypi:cyclonedx-bom6.0.0pypi:cyclonedx-python-lib10.0.0pypi:dash2.18.2pypi:dash-ag-grid31.3.1pypi:dash-bootstrap-components1.7.1pypi:dash-core-components2.0.0pypi:dash-html-components2.0.0pypi:dash-table5.0.0pypi:debugpy1.8.13pypi:decorator5.2.1pypi:defusedxml0.7.1pypi:distlib0.3.9pypi:docutils0.21.2pypi:exceptiongroup1.2.2pypi:executing2.2.0pypi:fastexcel0.12.1pypi:fastjsonschema2.21.1pypi:fpdf1.7.2pypi:fqdn1.5.1pypi:ghp-import2.1.0pypi:httpcore1.0.7pypi:httpx0.28.1pypi:identify2.6.10pypi:imagesize1.4.1pypi:importlib-metadata8.7.0pypi:iniconfig2.1.0pypi:installer0.7.0pypi:ipykernel6.29.5pypi:ipython8.34.0pypi:ipywidgets8.1.5pypi:isoduration20.11.0pypi:itsdangerous2.2.0pypi:jaraco-classes3.4.0pypi:jaraco-functools4.1.0pypi:jedi0.19.2pypi:jeepney0.8.0pypi:joblib1.4.2pypi:json50.12.0pypi:jsonpointer3.0.0pypi:jsonschema4.23.0pypi:jsonschema-specifications2025.4.1pypi:jupyter1.1.1pypi:jupyter-client8.6.3pypi:jupyter-console6.6.3pypi:jupyter-events0.12.0pypi:jupyter-lsp2.2.5pypi:jupyter-server-terminals0.5.3pypi:jupyterlab-pygments0.3.0pypi:jupyterlab-server2.27.3pypi:jupyterlab-widgets3.0.13pypi:kaleido0.1.0.post1 · 0.2.1pypi:keyring25.6.0pypi:kiwisolver1.4.8This page displays 120 of 224 ordered rows. The machine-readable dossier retains the complete exact projection.
Certifi removes GLOBALTRUST root certificate
10 Jun 2026Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)
13 Jul 2026Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
13 Jul 2026Werkzeug safe_join() allows Windows special device names
13 Jul 2026Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
07 Jul 2026Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
13 Jul 2026Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
13 Jul 2026urllib3 streaming API improperly handles highly compressed data
07 Jul 2026Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
07 Jul 2026JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
08 Jun 2026Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
07 Jul 2026Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient
13 Jul 2026urllib3 does not control redirects in browsers and Node.js
07 Jul 2026nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
13 Jul 2026pip's fallback tar extraction doesn't check symbolic links point to extraction directory
07 Jul 2026Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching
13 Jul 2026Vulnerable OpenSSL included in cryptography wheels
16 Jun 2026Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories
06 Jun 2026Mistune has XSS via unescaped figclass/figwidth in Figure directive
09 Jun 2026jaraco.context Has a Path Traversal Vulnerability
07 Jul 2026pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files
13 Jul 2026virtualenv Has TOCTOU Vulnerabilities in Directory Creation
07 Jul 2026Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart
06 Jun 2026setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
11 May 2026Python-Markdown has an Uncaught Exception
10 Jun 2026Pillow has a heap buffer overflow with nested list coordinates
13 Jul 2026Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
08 Jul 2026Flask session does not add `Vary: Cookie` header when accessed in some ways
13 Jul 2026MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
08 Jul 2026pip Path Traversal vulnerability
07 Jul 2026pytest has vulnerable tmpdir handling
07 Jul 2026Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
13 Jul 2026fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
07 Jul 2026Tornado has incomplete validation of cookie attributes
13 Jul 2026Vulnerable OpenSSL included in cryptography wheels
07 Jul 2026Tornado vulnerable to excessive logging caused by malformed multipart form data
07 Jul 2026nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
13 Jul 2026Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser
13 Jul 2026Werkzeug safe_join() allows Windows special device names with compound extensions
07 Jul 2026Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
13 Jul 2026Mistune Math Plugin has an XSS Escape Bypass
13 Jul 2026Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
13 Jul 2026Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output
18 Jun 2026WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
07 Jul 2026Requests vulnerable to .netrc credentials leak via malicious URLs
07 Jul 2026HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
13 Jul 2026Requests `Session` object does not verify requests after making first request with verify=False
07 Jul 2026Pillow affected by out-of-bounds write when loading PSD images
13 Jul 2026The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): strahlenexposition — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-5142/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.