uba-ki-lab/coding-agent-usage-simulationThis dossier retains 173 exact component occurrences from 1 published evidence files at one immutable repository commit.
Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.
project ID + commit SHA + exact evidence pathEvery file remains tied to the observed commit. A parse error stays visible and never becomes a zero.
sha256:bd553a0a85987dc2e10ac8a15fdc2c60ccd7405408e5ff41ef47eca9399dda7fpypi:vllm0.11.039 OSV records returnedpypi:transformers4.57.125 OSV records returnedpypi:torch2.8.023 OSV records returnedpypi:lmcache0.3.81 OSV record returnedpypi:datasets4.3.0pypi:openai2.6.1pypi:tokenizers0.22.1pypi:tiktoken0.12.0pypi:aiohttp3.13.130 OSV records returnedpypi:pillow12.0.015 OSV records returnedpypi:python-multipart0.0.208 OSV records returnedpypi:starlette0.49.08 OSV records returnedpypi:urllib32.5.07 OSV records returnedpypi:ray2.50.16 OSV records returnedpypi:jinja23.1.64 OSV records returnedpypi:cbor25.7.13 OSV records returnedpypi:requests2.32.53 OSV records returnedpypi:setuptools79.0.13 OSV records returnedpypi:filelock3.20.02 OSV records returnedpypi:mlx0.29.32 OSV records returnedpypi:protobuf6.33.02 OSV records returnedpypi:xgrammar0.1.252 OSV records returnedpypi:certifi2025.10.51 OSV record returnedpypi:click8.2.11 OSV record returnedpypi:diskcache5.6.31 OSV record returnedpypi:h110.16.01 OSV record returnedpypi:idna3.111 OSV record returnedpypi:msgpack1.1.21 OSV record returnedpypi:pyarrow22.0.01 OSV record returnedpypi:pygments2.19.21 OSV record returnedpypi:python-dotenv1.2.11 OSV record returnedpypi:sentencepiece0.2.11 OSV record returnedpypi:tqdm4.67.11 OSV record returnedpypi:aiofile3.9.0pypi:aiofiles25.1.0pypi:aiohappyeyeballs2.6.1pypi:aiosignal1.4.0pypi:annotated-doc0.0.3pypi:annotated-types0.7.0pypi:antlr4-python3-runtime4.9.3pypi:anyio4.11.0pypi:astor0.8.1pypi:attrs25.4.0pypi:awscrt0.28.2pypi:blake31.0.8pypi:cachetools6.2.1pypi:caio0.9.24pypi:cffi2.0.0pypi:charset-normalizer3.4.4pypi:cloudpickle3.1.1pypi:colorama0.4.6pypi:compressed-tensors0.11.0pypi:cufile-python0.2.0pypi:cupy-cuda12x13.6.0pypi:depyf0.19.0pypi:dill0.4.0pypi:distro1.9.0pypi:dnspython2.8.0pypi:einops0.8.1pypi:email-validator2.3.0pypi:fastapi0.120.1pypi:fastapi-cli0.0.14pypi:fastapi-cloud-cli0.3.1pypi:fastrlock0.8.3pypi:frozendict2.4.6pypi:frozenlist1.8.0pypi:fsspec2025.9.0pypi:gguf0.17.1pypi:h5py3.15.1pypi:hf-xet1.2.0pypi:httpcore1.0.9pypi:httptools0.7.1pypi:httpx0.28.1pypi:huggingface-hub0.36.0pypi:hydra-core1.3.2pypi:interegular0.3.3pypi:jiter0.11.1pypi:jsonschema4.25.1pypi:jsonschema-specifications2025.9.1pypi:lark1.2.2pypi:llguidance0.7.30pypi:llvmlite0.44.0pypi:lm-format-enforcer0.11.3pypi:markdown-it-py4.0.0pypi:markupsafe3.0.3pypi:mdurl0.1.2pypi:mistral-common1.8.5pypi:mlx-lm0.28.3pypi:mlx-metal0.29.3pypi:mpmath1.3.0pypi:msgspec0.19.0pypi:multidict6.7.0pypi:multiprocess0.70.16pypi:networkx3.5pypi:ninja1.13.0pypi:nixl0.7.0pypi:numba0.61.2pypi:numpy2.2.0pypi:nvidia-cublas-cu1212.8.4.1pypi:nvidia-cuda-cupti-cu1212.8.90pypi:nvidia-cuda-nvrtc-cu1212.8.93pypi:nvidia-cuda-runtime-cu1212.8.90pypi:nvidia-cudnn-cu129.10.2.21pypi:nvidia-cufft-cu1211.3.3.83pypi:nvidia-cufile-cu121.13.1.3pypi:nvidia-curand-cu1210.3.9.90pypi:nvidia-cusolver-cu1211.7.3.90pypi:nvidia-cusparse-cu1212.5.8.93pypi:nvidia-cusparselt-cu120.7.1pypi:nvidia-ml-py13.580.82pypi:nvidia-nccl-cu122.27.3pypi:nvidia-nvjitlink-cu1212.8.93pypi:nvidia-nvtx-cu1212.8.90pypi:nvtx0.2.13pypi:omegaconf2.3.0pypi:openai-harmony0.0.4pypi:opencv-python-headless4.12.0.88pypi:outlines-core0.2.11pypi:packaging25.0pypi:pandas2.3.3This page displays 120 of 173 ordered rows. The machine-readable dossier retains the complete exact projection.
Certifi removes GLOBALTRUST root certificate
10 Jun 2026HuggingFace transformers vulnerable to remote code execution
13 Jul 2026Starlette has possible denial-of-service vector when parsing large files in multipart forms
07 Jul 2026aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
13 Jul 2026vLLM affected by RCE via auto_map dynamic module loading during model initialization
17 Jul 2026AIOHTTP has CRLF injection through multipart part content type header construction
13 Jul 2026urllib3 streaming API improperly handles highly compressed data
07 Jul 2026PyTorch susceptible to local Denial of Service
10 Jun 2026Transformers is vulnerable to ReDoS attack through its DonutProcessor class
07 Jul 2026Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
07 Jul 2026Sentencepiece has a a heap overflow issue
07 Jul 2026cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads
13 Jul 2026vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
07 Jul 2026LMCache: 16-bit multimodal hash collision can poison KV cache entries
16 Jul 2026vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
17 Jul 2026AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
13 Jul 2026vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
17 Jul 2026urllib3 does not control redirects in browsers and Node.js
07 Jul 2026aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
13 Jul 2026aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
27 Jun 2026Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
04 Feb 2026vLLM has RCE In Video Processing
17 Jul 2026Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
07 Jul 2026Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching
13 Jul 2026PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
04 Feb 2026AIOHTTP vulnerable to brute-force leak of internal static file path components
07 Jul 2026Denial of service (DoS) via deformation `multipart/form-data` boundary
07 Jul 2026Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
07 Jul 2026XGrammar affected by Denial of Service by infinite recursion grammars
07 Jul 2026vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
17 Jul 2026setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
11 May 2026python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service
13 Jul 2026Pillow has a heap buffer overflow with nested list coordinates
13 Jul 2026AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
16 Jul 2026aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines
13 Jul 2026Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
08 Jul 2026AIOHTTP's unicode processing of header values could cause parsing discrepancies
07 Jul 2026vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
17 Jul 2026HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class
13 Jul 2026vLLM: Processing differential in multi-channel audio downmixing enables hidden-input/moderation bypass for audio models
17 Jul 2026vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
07 Jul 2026AIOHTTP vulnerable to denial of service through large payloads
07 Jul 2026python-multipart: Semicolon treated as querystring field separator enables parameter smuggling
13 Jul 2026AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
07 Jul 2026vLLM: OOM Denial of Service via Audio Decompression Bomb
17 Jul 2026vLLM DOS: Remotely kill vllm over http with invalid JSON schema
04 Feb 2026Transformers Regular Expression Denial of Service (ReDoS) vulnerability
07 Jul 2026MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
08 Jul 2026The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): Coding Agent Usage Simulation — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-7674/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.