uba-ki-lab/photovoltaic_systemsThis dossier retains 99 exact component occurrences from 2 published evidence files at one immutable repository commit.
Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.
project ID + commit SHA + exact evidence pathEvery file remains tied to the observed commit. A parse error stays visible and never becomes a zero.
sha256:96f1a2a325045c8cc77018c4e6ddb5eee3755657b446c27c42dc724c0bcc6365pypi:torch2.7.023 OSV records returnedpypi:opencv-python4.11.0.86pypi:scikit-learn1.6.1pypi:pillow11.2.115 OSV records returnedpypi:urllib32.4.07 OSV records returnedpypi:pip25.1.16 OSV records returnedpypi:jinja23.1.64 OSV records returnedpypi:ujson5.10.04 OSV records returnedpypi:requests2.32.33 OSV records returnedpypi:setuptools80.8.03 OSV records returnedpypi:filelock3.18.02 OSV records returnedpypi:soupsieve2.72 OSV records returnedpypi:certifi2025.4.261 OSV record returnedpypi:click8.2.11 OSV record returnedpypi:fonttools4.58.01 OSV record returnedpypi:geopandas1.0.11 OSV record returnedpypi:idna3.101 OSV record returnedpypi:lxml5.4.01 OSV record returnedpypi:pyarrow20.0.01 OSV record returnedpypi:tqdm4.67.11 OSV record returnedpypi:affine2.4.0pypi:arrow1.3.0pypi:attrs25.3.0pypi:beautifulsoup44.13.4pypi:boolean-py5.0pypi:chardet5.2.0pypi:charset-normalizer3.4.2pypi:click-plugins1.1.1pypi:cligj0.7.2pypi:contourpy1.3.2pypi:cycler0.12.1pypi:cyclonedx-bom6.1.1pypi:cyclonedx-python-lib10.0.1pypi:defusedxml0.7.1pypi:fqdn1.5.1pypi:fsspec2025.5.0pypi:geojson3.2.0pypi:isoduration20.11.0pypi:joblib1.5.0pypi:jsonpointer3.0.0pypi:jsonschema4.23.0pypi:jsonschema-specifications2025.4.1pypi:kiwisolver1.4.8pypi:kneed0.8.5pypi:license-expression30.4.1pypi:markupsafe3.0.2pypi:matplotlib3.10.3pypi:mpmath1.3.0pypi:networkx3.4.2pypi:numpy2.2.6pypi:nvidia-cublas-cu1212.6.4.1pypi:nvidia-cuda-cupti-cu1212.6.80pypi:nvidia-cuda-nvrtc-cu1212.6.77pypi:nvidia-cuda-runtime-cu1212.6.77pypi:nvidia-cudnn-cu129.5.1.17pypi:nvidia-cufft-cu1211.3.0.4pypi:nvidia-cufile-cu121.11.1.6pypi:nvidia-curand-cu1210.3.7.77pypi:nvidia-cusolver-cu1211.7.1.2pypi:nvidia-cusparse-cu1212.5.4.2pypi:nvidia-cusparselt-cu120.6.3pypi:nvidia-nccl-cu122.26.2pypi:nvidia-nvjitlink-cu1212.6.85pypi:nvidia-nvtx-cu1212.6.77pypi:osmpythontools0.3.5pypi:packageurl-python0.16.0pypi:packaging25.0pypi:pandas2.2.3pypi:pip-requirements-parser32.0.1pypi:py-serializable2.0.0pypi:pyogrio0.11.0pypi:pyparsing3.2.3pypi:pyproj3.7.1pypi:python-dateutil2.9.0.post0pypi:pytz2025.2pypi:pyyaml6.0.2pypi:rasterio1.4.3pypi:referencing0.36.2pypi:rfc3339-validator0.1.4pypi:rfc39871.3.8pypi:rpds-py0.25.0pypi:scipy1.15.3pypi:segment-anything1.0pypi:shapely2.1.1pypi:six1.17.0pypi:sortedcontainers2.4.0pypi:supervision0.25.1pypi:sympy1.14.0pypi:threadpoolctl3.6.0pypi:tomli2.2.1pypi:torchvision0.22.0pypi:triton3.3.0pypi:types-python-dateutil2.9.0.20250516pypi:typing-extensions4.13.2pypi:tzdata2025.2pypi:uri-template1.3.0pypi:webcolors24.11.1pypi:xarray2025.4.0Certifi removes GLOBALTRUST root certificate
10 Jun 2026Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
13 Jul 2026urllib3 streaming API improperly handles highly compressed data
07 Jul 2026PyTorch susceptible to local Denial of Service
10 Jun 2026Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
07 Jul 2026UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
18 Jul 2026urllib3 does not control redirects in browsers and Node.js
07 Jul 2026pip's fallback tar extraction doesn't check symbolic links point to extraction directory
07 Jul 2026PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
04 Feb 2026pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files
13 Jul 2026setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
11 May 2026Pillow has a heap buffer overflow with nested list coordinates
13 Jul 2026geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure
10 Jun 2026Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
08 Jul 2026pip Path Traversal vulnerability
07 Jul 2026fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
07 Jul 2026Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser
13 Jul 2026PyTorch Improper Resource Shutdown or Release vulnerability
14 Jul 2026Requests vulnerable to .netrc credentials leak via malicious URLs
07 Jul 2026Requests `Session` object does not verify requests after making first request with verify=False
07 Jul 2026UltraJSON has a Memory Leak in ujson.dump() on Write Failure
13 Jul 2026PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument
09 Jun 2026UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop
13 Jul 2026Pillow affected by out-of-bounds write when loading PSD images
13 Jul 2026Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
07 Jul 2026setuptools vulnerable to Command Injection via package URL
07 Jul 2026PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function
10 Jun 2026tqdm CLI arguments injection attack
07 Jul 2026Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
13 Jul 2026urllib3 allows an unbounded number of links in the decompression chain
07 Jul 2026Jinja has a sandbox breakout through malicious filenames
07 Jul 2026Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
07 Jul 2026pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
13 Jul 2026urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
08 Jun 2026Command Injection in pip when used with Mercurial
10 Jun 2026urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
07 Jul 2026Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)
13 Jul 2026Jinja has a sandbox breakout through indirect reference to format method
07 Jul 2026urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
20 May 2026PyTorch is vulnerable to memory corruption through its torch.lstm_cell function
10 Jun 2026filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
07 Jul 2026Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
13 Jul 2026Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering
12 Jun 2026PyTorch is vulnerable to memory corruption through its torch.jit.script function
17 Jul 2026lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
06 Jun 2026PyTorch is vulnerable to memory corruption through its unpack_sequence function
10 Jun 2026filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
07 Jul 2026pip: Path traversal in console_scripts/gui_scripts entry point names allows installing scripts outside of target directory
14 Jul 2026The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): photovoltaic_systems — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-5201/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.