landeshauptstadt-muenchen/mucgptThis dossier retains 1,436 exact component occurrences from 6 published evidence files at one immutable repository commit.
Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.
project ID + commit SHA + exact evidence pathEvery file remains tied to the observed commit. A parse error stays visible and never becomes a zero.
sha256:44e0d694f02cd214c54b25da38ab9b0eaf2a4c664964ae06090cedec67018049sha256:2eb0ec11652768111a4a6d4f824b2b5549f55799147de770f8f18b03384f5321sha256:70828dc1577a6bf89c797df375c70e16447a5b77c0b3f35e38fd7ace287a3d21sha256:c1e11c227a0654c5528afce5a748b5369d53932a01dc9dc178fdb43df5b8b396sha256:c03cad35a0de144b682e73973f926024bd213c60422024a3eba2b07a292f087bpypi:langchain-core1.4.77 OSV records returnedpypi:langchain-community0.4.14 OSV records returnedpypi:langchain1.3.93 OSV records returnedpypi:langgraph1.2.52 OSV records returnedpypi:langchain-openai1.2.11 OSV record returnedpypi:openai2.31.0npm:@huggingface/transformers4.2.0pypi:langchain-mcp-adapters0.2.2pypi:langchain-protocol0.0.15pypi:tiktoken0.12.0pypi:aiohttp3.14.130 OSV records returnednpm:undici6.27.014 OSV records returnedpypi:tornado6.5.710 OSV records returnedpypi:python-multipart0.0.31 · 0.0.328 OSV records returnedpypi:starlette1.3.18 OSV records returnedpypi:pyjwt2.13.07 OSV records returnedpypi:urllib32.7.07 OSV records returnednpm:vite7.3.57 OSV records returnedpypi:cryptography48.0.16 OSV records returnedpypi:jinja23.1.64 OSV records returnedpypi:langsmith0.8.183 OSV records returnedpypi:mcp1.28.13 OSV records returnednpm:minimatch10.2.5 · 3.1.5 · 5.1.93 OSV records returnedpypi:requests2.33.13 OSV records returnednpm:brace-expansion1.1.14 · 2.1.0 · 5.0.62 OSV records returnednpm:fast-uri3.1.22 OSV records returnedpypi:filelock3.29.02 OSV records returnednpm:flatted3.4.22 OSV records returnednpm:js-yaml4.2.02 OSV records returnedpypi:mako1.3.122 OSV records returnednpm:markdown-it14.2.02 OSV records returnednpm:picomatch2.3.2 · 4.0.42 OSV records returnedpypi:protobuf6.33.62 OSV records returnedpypi:pyasn10.6.32 OSV records returnednpm:@babel/core7.29.61 OSV record returnednpm:@babel/plugin-transform-modules-systemjs7.29.41 OSV record returnednpm:adm-zip0.5.171 OSV record returnednpm:ajv6.14.0 · 8.20.01 OSV record returnedpypi:certifi2026.4.221 OSV record returnedpypi:click8.3.31 OSV record returnednpm:glob11.1.01 OSV record returnedpypi:h110.16.01 OSV record returnedpypi:idna3.151 OSV record returnedpypi:jupyter-core5.9.11 OSV record returnedpypi:langchain-classic1.0.71 OSV record returnedpypi:langchain-text-splitters1.1.21 OSV record returnedpypi:langgraph-checkpoint4.1.11 OSV record returnedpypi:langgraph-sdk0.4.21 OSV record returnednpm:linkify-it5.0.11 OSV record returnedpypi:marshmallow3.26.21 OSV record returnedpypi:orjson3.11.91 OSV record returnednpm:path-to-regexp6.3.01 OSV record returnednpm:postcss8.5.101 OSV record returnednpm:prismjs1.30.01 OSV record returnedpypi:pydantic-settings2.14.21 OSV record returnedpypi:pygments2.20.01 OSV record returnedpypi:pytest9.0.31 OSV record returnedpypi:python-dotenv1.2.21 OSV record returnednpm:rollup4.60.21 OSV record returnedpypi:tqdm4.67.31 OSV record returnednpm:uuid14.0.01 OSV record returnedpypi:virtualenv21.2.4 · 21.3.11 OSV record returnednpm:yaml2.8.31 OSV record returnednpm:@antfu/install-pkg1.1.0npm:@apideck/better-ajv-errors0.3.7npm:@atlaskit/pragmatic-drag-and-drop1.8.1npm:@atlaskit/pragmatic-drag-and-drop-hitbox1.1.0npm:@babel/code-frame7.29.0npm:@babel/compat-data7.29.3npm:@babel/generator7.29.7npm:@babel/helper-annotate-as-pure7.27.3npm:@babel/helper-compilation-targets7.28.6npm:@babel/helper-create-class-features-plugin7.29.3npm:@babel/helper-create-regexp-features-plugin7.28.5npm:@babel/helper-define-polyfill-provider0.6.8npm:@babel/helper-globals7.28.0npm:@babel/helper-member-expression-to-functions7.28.5npm:@babel/helper-module-imports7.28.6npm:@babel/helper-module-transforms7.28.6npm:@babel/helper-optimise-call-expression7.27.1npm:@babel/helper-plugin-utils7.28.6npm:@babel/helper-remap-async-to-generator7.27.1npm:@babel/helper-replace-supers7.28.6npm:@babel/helper-skip-transparent-expression-wrappers7.27.1npm:@babel/helper-string-parser7.29.7npm:@babel/helper-validator-identifier7.29.7npm:@babel/helper-validator-option7.27.1npm:@babel/helper-wrap-function7.28.6npm:@babel/helpers7.29.2npm:@babel/parser7.29.7npm:@babel/plugin-bugfix-firefox-class-in-computed-class-key7.28.5npm:@babel/plugin-bugfix-safari-class-field-initializer-scope7.27.1npm:@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression7.27.1npm:@babel/plugin-bugfix-safari-rest-destructuring-rhs-array7.29.3npm:@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining7.27.1npm:@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly7.28.6npm:@babel/plugin-proposal-private-property-in-object7.21.0-placeholder-for-preset-env.2npm:@babel/plugin-syntax-import-assertions7.28.6npm:@babel/plugin-syntax-import-attributes7.28.6npm:@babel/plugin-syntax-unicode-sets-regex7.18.6npm:@babel/plugin-transform-arrow-functions7.27.1npm:@babel/plugin-transform-async-generator-functions7.29.0npm:@babel/plugin-transform-async-to-generator7.28.6npm:@babel/plugin-transform-block-scoped-functions7.27.1npm:@babel/plugin-transform-block-scoping7.28.6npm:@babel/plugin-transform-class-properties7.28.6npm:@babel/plugin-transform-class-static-block7.28.6npm:@babel/plugin-transform-classes7.28.6npm:@babel/plugin-transform-computed-properties7.28.6npm:@babel/plugin-transform-destructuring7.28.5npm:@babel/plugin-transform-dotall-regex7.28.6npm:@babel/plugin-transform-duplicate-keys7.27.1npm:@babel/plugin-transform-duplicate-named-capturing-groups-regex7.29.0npm:@babel/plugin-transform-dynamic-import7.27.1npm:@babel/plugin-transform-explicit-resource-management7.28.6npm:@babel/plugin-transform-exponentiation-operator7.28.6npm:@babel/plugin-transform-export-namespace-from7.27.1npm:@babel/plugin-transform-for-of7.27.1npm:@babel/plugin-transform-function-name7.27.1npm:@babel/plugin-transform-json-strings7.28.6This page displays 120 of 1,212 ordered rows. The machine-readable dossier retains the complete exact projection.
LinkifyIt#match scan loop has quadratic algorithmic complexity
30 Jun 2026minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
28 Feb 2026Certifi removes GLOBALTRUST root certificate
10 Jun 2026flatted vulnerable to unbounded recursion DoS in parse() revive phase
17 Mar 2026Starlette has possible denial-of-service vector when parsing large files in multipart forms
07 Jul 2026aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
13 Jul 2026ajv has ReDoS when using `$data` option
04 Mar 2026LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
13 Jul 2026Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
13 Jul 2026Undici has an HTTP Request/Response Smuggling issue
18 Mar 2026AIOHTTP has CRLF injection through multipart part content type header construction
13 Jul 2026urllib3 streaming API improperly handles highly compressed data
07 Jul 2026Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
07 Jul 2026undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
21 Jun 2026LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
13 Jul 2026path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
08 Jul 2026markdown-it is has a Regular Expression Denial of Service (ReDoS)
18 Feb 2026Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
07 Jul 2026minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
24 Feb 2026Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
28 Mar 2026AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
13 Jul 2026Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient
13 Jul 2026Marshmallow has DoS in Schema.load(many)
07 Jul 2026Langchain SQL Injection vulnerability
07 Jul 2026yaml is vulnerable to Stack Overflow via deeply nested YAML collections
27 Mar 2026urllib3 does not control redirects in browsers and Node.js
07 Jul 2026Undici has CRLF Injection in undici via `upgrade` option
18 Mar 2026aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
13 Jul 2026aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
27 Jun 2026Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
09 Apr 2026@babel/core: Arbitrary File Read via sourceMappingURL Comment
16 Jul 2026pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
08 Jul 2026Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching
13 Jul 2026Vulnerable OpenSSL included in cryptography wheels
16 Jun 2026AIOHTTP vulnerable to brute-force leak of internal static file path components
07 Jul 2026virtualenv Has TOCTOU Vulnerabilities in Directory Creation
07 Jul 2026Denial of service (DoS) via deformation `multipart/form-data` boundary
07 Jul 2026langchain-core allows unauthorized users to read arbitrary files from the host file system
07 Jul 2026glob CLI: Command injection via -c/--cmd executes matches with shell:true
04 Feb 2026python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service
13 Jul 2026AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
16 Jul 2026aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
13 Jul 2026pyasn1 has a DoS vulnerability in decoder
07 Jul 2026Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
08 Jul 2026AIOHTTP's unicode processing of header values could cause parsing discrepancies
07 Jul 2026AIOHTTP vulnerable to denial of service through large payloads
07 Jul 2026python-multipart: Semicolon treated as querystring field separator enables parameter smuggling
13 Jul 2026AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
07 Jul 2026The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): MUCGPT — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-7202/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.