openkfw/truspaceThis dossier retains 1,931 exact component occurrences from 3 published evidence files at one immutable repository commit.
Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.
project ID + commit SHA + exact evidence pathEvery file remains tied to the observed commit. A parse error stays visible and never becomes a zero.
sha256:f03c393a70e9c784f088f09c96ba0e208852f7df3d2e4b28e4587c7a3a77ba32sha256:0e07630f799f59cc238d7821d2e5a81266651c4a1e0bd3a4004380761f1f26ffsha256:b5a3aac648953ee59dc087a49a415b61cb6279d65478380ab72faf56de0e70bdnpm:ollama0.5.18npm:axios1.15.025 OSV records returnednpm:undici7.24.414 OSV records returnednpm:next15.5.1513 OSV records returnednpm:nodemailer8.0.54 OSV records returnednpm:minimatch10.2.4 · 3.1.2 · 3.1.5 · 9.0.93 OSV records returnednpm:qs6.14.1 · 6.14.23 OSV records returnednpm:brace-expansion1.1.12 · 1.1.13 · 2.0.3 · 5.0.52 OSV records returnednpm:fast-uri3.1.02 OSV records returnednpm:flatted3.4.22 OSV records returnednpm:js-yaml3.14.2 · 4.1.12 OSV records returnednpm:lodash4.17.21 · 4.18.12 OSV records returnednpm:markdown-it14.1.12 OSV records returnednpm:multer2.1.12 OSV records returnednpm:picomatch2.3.1 · 2.3.2 · 4.0.42 OSV records returnednpm:@babel/core7.28.61 OSV record returnednpm:@babel/plugin-transform-modules-systemjs7.28.51 OSV record returnednpm:ajv6.14.0 · 8.18.01 OSV record returnednpm:bn.js4.12.2 · 5.2.21 OSV record returnednpm:diff3.5.0 · 4.0.41 OSV record returnednpm:elliptic6.6.11 OSV record returnednpm:follow-redirects1.16.01 OSV record returnednpm:form-data4.0.51 OSV record returnednpm:glob13.0.6 · 7.2.31 OSV record returnednpm:icu-minify4.9.11 OSV record returnednpm:ip-address10.1.01 OSV record returnednpm:joi17.13.31 OSV record returnednpm:js-cookie3.0.51 OSV record returnednpm:jws4.0.11 OSV record returnednpm:linkify-it5.0.01 OSV record returnednpm:morgan1.10.11 OSV record returnednpm:next-intl4.9.11 OSV record returnednpm:path-to-regexp0.1.131 OSV record returnednpm:postcss8.4.31 · 8.5.61 OSV record returnednpm:shell-quote1.8.31 OSV record returnednpm:tar7.5.111 OSV record returnednpm:tmp0.2.51 OSV record returnednpm:uuid14.0.0 · 8.3.21 OSV record returnednpm:@alloc/quick-lru5.2.0npm:@babel/code-frame7.28.6npm:@babel/compat-data7.28.6npm:@babel/generator7.28.6npm:@babel/helper-annotate-as-pure7.27.3npm:@babel/helper-compilation-targets7.28.6npm:@babel/helper-create-class-features-plugin7.28.6npm:@babel/helper-create-regexp-features-plugin7.28.5npm:@babel/helper-define-polyfill-provider0.6.5npm:@babel/helper-globals7.28.0npm:@babel/helper-member-expression-to-functions7.28.5npm:@babel/helper-module-imports7.28.6npm:@babel/helper-module-transforms7.28.6npm:@babel/helper-optimise-call-expression7.27.1npm:@babel/helper-plugin-utils7.28.6npm:@babel/helper-remap-async-to-generator7.27.1npm:@babel/helper-replace-supers7.28.6npm:@babel/helper-skip-transparent-expression-wrappers7.27.1npm:@babel/helper-string-parser7.27.1npm:@babel/helper-validator-identifier7.28.5npm:@babel/helper-validator-option7.27.1npm:@babel/helper-wrap-function7.28.6npm:@babel/helpers7.28.6npm:@babel/parser7.28.6npm:@babel/plugin-bugfix-firefox-class-in-computed-class-key7.28.5npm:@babel/plugin-bugfix-safari-class-field-initializer-scope7.27.1npm:@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression7.27.1npm:@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining7.27.1npm:@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly7.28.6npm:@babel/plugin-proposal-class-properties7.18.6npm:@babel/plugin-proposal-object-rest-spread7.20.7npm:@babel/plugin-proposal-private-property-in-object7.21.0-placeholder-for-preset-env.2npm:@babel/plugin-syntax-import-assertions7.28.6npm:@babel/plugin-syntax-import-attributes7.28.6npm:@babel/plugin-syntax-jsx7.28.6npm:@babel/plugin-syntax-object-rest-spread7.8.3npm:@babel/plugin-syntax-unicode-sets-regex7.18.6npm:@babel/plugin-transform-arrow-functions7.27.1npm:@babel/plugin-transform-async-generator-functions7.28.6npm:@babel/plugin-transform-async-to-generator7.28.6npm:@babel/plugin-transform-block-scoped-functions7.27.1npm:@babel/plugin-transform-block-scoping7.28.6npm:@babel/plugin-transform-class-properties7.28.6npm:@babel/plugin-transform-class-static-block7.28.6npm:@babel/plugin-transform-classes7.28.6npm:@babel/plugin-transform-computed-properties7.28.6npm:@babel/plugin-transform-destructuring7.28.5npm:@babel/plugin-transform-dotall-regex7.28.6npm:@babel/plugin-transform-duplicate-keys7.27.1npm:@babel/plugin-transform-duplicate-named-capturing-groups-regex7.28.6npm:@babel/plugin-transform-dynamic-import7.27.1npm:@babel/plugin-transform-explicit-resource-management7.28.6npm:@babel/plugin-transform-exponentiation-operator7.28.6npm:@babel/plugin-transform-export-namespace-from7.27.1npm:@babel/plugin-transform-for-of7.27.1npm:@babel/plugin-transform-function-name7.27.1npm:@babel/plugin-transform-json-strings7.28.6npm:@babel/plugin-transform-literals7.27.1npm:@babel/plugin-transform-logical-assignment-operators7.28.6npm:@babel/plugin-transform-member-expression-literals7.27.1npm:@babel/plugin-transform-modules-amd7.27.1npm:@babel/plugin-transform-modules-commonjs7.28.6npm:@babel/plugin-transform-modules-umd7.27.1npm:@babel/plugin-transform-named-capturing-groups-regex7.27.1npm:@babel/plugin-transform-new-target7.27.1npm:@babel/plugin-transform-nullish-coalescing-operator7.28.6npm:@babel/plugin-transform-numeric-separator7.28.6npm:@babel/plugin-transform-object-rest-spread7.28.6npm:@babel/plugin-transform-object-super7.27.1npm:@babel/plugin-transform-optional-catch-binding7.28.6npm:@babel/plugin-transform-optional-chaining7.28.6npm:@babel/plugin-transform-parameters7.27.7npm:@babel/plugin-transform-private-methods7.28.6npm:@babel/plugin-transform-private-property-in-object7.28.6npm:@babel/plugin-transform-property-literals7.27.1npm:@babel/plugin-transform-react-display-name7.28.0npm:@babel/plugin-transform-react-jsx7.28.6npm:@babel/plugin-transform-react-jsx-development7.27.1npm:@babel/plugin-transform-react-pure-annotations7.27.1npm:@babel/plugin-transform-regenerator7.28.6npm:@babel/plugin-transform-regexp-modifiers7.28.6npm:@babel/plugin-transform-reserved-words7.27.1This page displays 120 of 1,430 ordered rows. The machine-readable dossier retains the complete exact projection.
LinkifyIt#match scan loop has quadratic algorithmic complexity
30 Jun 2026minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
28 Feb 2026flatted vulnerable to unbounded recursion DoS in parse() revive phase
17 Mar 2026Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
14 May 2026Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection
17 Jun 2026Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
14 May 2026ajv has ReDoS when using `$data` option
04 Mar 2026Undici has an HTTP Request/Response Smuggling issue
18 Mar 2026axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
12 Jun 2026undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
21 Jun 2026Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
14 May 2026bn.js affected by an infinite loop
25 Feb 2026path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
08 Jul 2026markdown-it is has a Regular Expression Denial of Service (ReDoS)
18 Feb 2026axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
12 Jun 2026Next.js's Middleware / Proxy redirects can be cache-poisoned
14 May 2026Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
17 Jun 2026Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
08 May 2026minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
24 Feb 2026Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
28 Mar 2026Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
06 May 2026Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig
08 May 2026Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream
06 May 2026Next.js has a Middleware / Proxy bypass through dynamic route parameter injection
14 May 2026Undici has CRLF Injection in undici via `upgrade` option
18 Mar 2026next-intl has prototype pollution with `experimental.messages.precompile` via attacker-controlled translation catalog keys
06 May 2026Axios is vulnerable to DoS attack through lack of data size check
04 Feb 2026morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
10 Jul 2026@babel/core: Arbitrary File Read via sourceMappingURL Comment
16 Jul 2026Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0
06 May 2026glob CLI: Command injection via -c/--cmd executes matches with shell:true
04 Feb 2026Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
08 Jun 2026Axios: Header Injection via Prototype Pollution
06 May 2026qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
04 Mar 2026markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations
18 Jun 2026Multer vulnerable to Denial of Service via deeply nested field names
17 Jun 2026jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
05 Feb 2026Allocation of Resources Without Limits or Throttling in Axios
12 Jun 2026minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
28 Feb 2026Elliptic Uses a Cryptographic Primitive with a Risky Implementation
17 Feb 2026auth0/node-jws Improperly Verifies HMAC Signature
04 Feb 2026axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
12 Jun 2026Next.js Vulnerable to Denial of Service with Server Components
13 May 2026Picomatch has a ReDoS vulnerability via extglob quantifiers
28 Mar 2026Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades
14 May 2026lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
08 Jul 2026Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
18 Mar 2026brace-expansion: Zero-step sequence causes process hang and memory exhaustion
27 Mar 2026The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): TruSpace — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-6819/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.