← Back to the AI Dependency AtlasExact repository supply-chain dossier

kiva-llm-gateway

baden-wuerttemberg/innenministerium/kiva.platform/kiva-llm-gateway
npm · pypi

This dossier retains 212 exact component occurrences from 5 published evidence files at one immutable repository commit.

opencode:77814a5cd798be9bproject ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
212exact component occurrences
210package identities
5evidence files
109OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence path.circleci/requirements.txt
Format
exact-manifest-pin
Parser state
parsed
Resolved components
1
Open exact source ↗
Evidence pathdocker/build_from_pip/requirements.txt
Format
exact-manifest-pin
Parser state
parsed
Resolved components
1
Open exact source ↗
Evidence pathlitellm-proxy-extras/poetry.locksha256:7aacdd2d6bddd29e968ce7bc8a8d6d1bad7e45a49b3f9c5578218167369ecc43
Format
poetry-lock
Parser state
empty
Resolved components
0
Open exact source ↗
Evidence pathpackage-lock.jsonsha256:d294856f064f2df8e74e9938d8f1f07f410acbc4071ec9e1a71d093eb5f1ebc3
Format
npm-lock
Parser state
parsed
Resolved components
22
Open exact source ↗
Evidence pathpoetry.locksha256:6b6c7f6f3e100b48b887d7b16e1a7cd9be71e2de24e5221fe66df332d05d305b
Format
poetry-lock
Parser state
parsed
Resolved components
188
Open exact source ↗
Observed relations

Package identities at this commit

pypiLiteLLMpypi:litellm
1 Occurrence1.67.4.dev1
MIT8 OSV records returned
pypiOpenAI SDKpypi:openai
2 Occurrences1.81.0 · 1.91.0
Apache-2.0
pypiHugging Face Tokenizerspypi:tokenizers
1 Occurrence0.21.0
non-standard
pypitiktokenpypi:tiktoken
1 Occurrence0.7.0
non-standard
pypiaiohttppypi:aiohttp
1 Occurrence3.10.11
Apache-2.0 · Apache-2.0 AND MIT30 OSV records returned
pypipython-multipartpypi:python-multipart
1 Occurrence0.0.18
Apache-2.08 OSV records returned
pypistarlettepypi:starlette
1 Occurrence0.44.0
BSD-3-Clause8 OSV records returned
pypipyjwtpypi:pyjwt
1 Occurrence2.9.0
MIT7 OSV records returned
pypiurllib3pypi:urllib3
1 Occurrence2.2.3
MIT7 OSV records returned
pypicryptographypypi:cryptography
1 Occurrence43.0.3
Apache-2.0 OR BSD-3-Clause6 OSV records returned
pypijinja2pypi:jinja2
1 Occurrence3.1.6
BSD-3-Clause · non-standard4 OSV records returned
pypiblackpypi:black
1 Occurrence23.12.1
MIT3 OSV records returned
pypimcppypi:mcp
1 Occurrence1.10.0
MIT3 OSV records returned
pypirequestspypi:requests
1 Occurrence2.31.0
Apache-2.03 OSV records returned
pypifilelockpypi:filelock
1 Occurrence3.16.1
MIT · Unlicense2 OSV records returned
pypiprotobufpypi:protobuf
1 Occurrence4.25.8
BSD-3-Clause2 OSV records returned
pypipyasn1pypi:pyasn1
1 Occurrence0.6.1
BSD-2-Clause2 OSV records returned
pypiazure-corepypi:azure-core
1 Occurrence1.33.0
MIT1 OSV record returned
pypicertifipypi:certifi
1 Occurrence2025.6.15
MPL-2.01 OSV record returned
pypiclickpypi:click
1 Occurrence8.1.8
BSD-3-Clause · non-standard1 OSV record returned
pypidiskcachepypi:diskcache
1 Occurrence5.6.3
Apache-2.01 OSV record returned
pypifastapi-ssopypi:fastapi-sso
1 Occurrence0.16.0
MIT1 OSV record returned
pypih11pypi:h11
1 Occurrence0.16.0
MIT1 OSV record returned
pypih2pypi:h2
1 Occurrence4.1.0
MIT1 OSV record returned
pypiidnapypi:idna
1 Occurrence3.10
BSD-3-Clause · non-standard1 OSV record returned
pypiorjsonpypi:orjson
1 Occurrence3.10.15
Apache-2.0 OR MIT · MPL-2.0 AND (Apache-2.0 OR MIT)1 OSV record returned
pypipydantic-settingspypi:pydantic-settings
1 Occurrence2.10.1
MIT1 OSV record returned
pypipygmentspypi:pygments
1 Occurrence2.19.2
BSD-2-Clause1 OSV record returned
pypipynaclpypi:pynacl
1 Occurrence1.5.0
Apache-2.01 OSV record returned
pypipytestpypi:pytest
1 Occurrence7.4.4
MIT1 OSV record returned
pypipython-dotenvpypi:python-dotenv
1 Occurrence1.0.1
BSD-3-Clause1 OSV record returned
pypitqdmpypi:tqdm
1 Occurrence4.67.1
MIT AND MPL-2.01 OSV record returned
pypivirtualenvpypi:virtualenv
1 Occurrence20.34.0
MIT1 OSV record returned
npm@prisma/debugnpm:@prisma/debug
1 Occurrence5.17.0
Apache-2.0
npm@prisma/enginesnpm:@prisma/engines
1 Occurrence5.17.0
Apache-2.0
npm@prisma/engines-versionnpm:@prisma/engines-version
1 Occurrence5.17.0-31.393aa359c9ad4a4bb28630fb5613f9c281cde053
Apache-2.0
npm@prisma/fetch-enginenpm:@prisma/fetch-engine
1 Occurrence5.17.0
Apache-2.0
npm@prisma/get-platformnpm:@prisma/get-platform
1 Occurrence5.17.0
Apache-2.0
npm@types/prismjsnpm:@types/prismjs
1 Occurrence1.26.5
MIT
npm@types/prop-typesnpm:@types/prop-types
1 Occurrence15.7.12
MIT
npm@types/reactnpm:@types/react
1 Occurrence18.2.73
MIT
npm@types/react-copy-to-clipboardnpm:@types/react-copy-to-clipboard
1 Occurrence5.0.7
MIT
pypiaiohappyeyeballspypi:aiohappyeyeballs
1 Occurrence2.4.4
PSF-2.0
pypiaiosignalpypi:aiosignal
1 Occurrence1.3.1
Apache-2.0
pypialabasterpypi:alabaster
1 Occurrence0.7.13
non-standard
pypiannotated-typespypi:annotated-types
1 Occurrence0.7.0
MIT
pypianyiopypi:anyio
1 Occurrence4.5.2
MIT
pypiapschedulerpypi:apscheduler
1 Occurrence3.11.0
MIT
pypiasync-timeoutpypi:async-timeout
1 Occurrence5.0.1
Apache-2.0
pypiattrspypi:attrs
1 Occurrence25.3.0
MIT
pypiazure-identitypypi:azure-identity
1 Occurrence1.21.0
MIT
pypiazure-keyvault-secretspypi:azure-keyvault-secrets
1 Occurrence4.9.0
MIT
pypibabelpypi:babel
1 Occurrence2.17.0
BSD-3-Clause
pypibackoffpypi:backoff
1 Occurrence2.2.1
MIT
pypiboolean-pypypi:boolean-py
1 Occurrence5.0
BSD-2-Clause
pypiboto3pypi:boto3
1 Occurrence1.34.34
Apache-2.0
pypibotocorepypi:botocore
1 Occurrence1.34.162
Apache-2.0
pypicachetoolspypi:cachetools
1 Occurrence5.5.2
MIT
pypicffipypi:cffi
1 Occurrence1.17.1
MIT
pypicfgvpypi:cfgv
1 Occurrence3.4.0
MIT
pypicharset-normalizerpypi:charset-normalizer
1 Occurrence3.4.2
MIT
npmclsxnpm:clsx
1 Occurrence2.1.1
MIT
pypicoloramapypi:colorama
1 Occurrence0.4.6
non-standard
pypicoloredlogspypi:coloredlogs
1 Occurrence15.0.1
MIT
npmcopy-to-clipboardnpm:copy-to-clipboard
1 Occurrence3.3.3
MIT
npmcsstypenpm:csstype
1 Occurrence3.1.3
MIT
pypideprecatedpypi:deprecated
1 Occurrence1.2.18
MIT
pypidistlibpypi:distlib
1 Occurrence0.4.0
PSF-2.0
pypidistropypi:distro
1 Occurrence1.9.0
Apache-2.0
pypidnspythonpypi:dnspython
1 Occurrence2.6.1
ISC
pypidocutilspypi:docutils
1 Occurrence0.20.1
non-standard
pypiemail-validatorpypi:email-validator
1 Occurrence2.2.0
Unlicense
pypiexceptiongrouppypi:exceptiongroup
1 Occurrence1.3.0
MIT
pypifastapipypi:fastapi
1 Occurrence0.115.13
MIT
pypiflake8pypi:flake8
1 Occurrence6.1.0
MIT
pypifrozenlistpypi:frozenlist
1 Occurrence1.5.0
Apache-2.0
pypifsspecpypi:fsspec
1 Occurrence2025.3.0
BSD-3-Clause · non-standard
pypigoogle-api-corepypi:google-api-core
1 Occurrence2.25.1
Apache-2.0
pypigoogle-authpypi:google-auth
1 Occurrence2.40.3
Apache-2.0
pypigoogle-cloud-kmspypi:google-cloud-kms
1 Occurrence2.24.2
Apache-2.0
pypigoogleapis-common-protospypi:googleapis-common-protos
1 Occurrence1.70.0
Apache-2.0
pypigrpc-google-iam-v1pypi:grpc-google-iam-v1
1 Occurrence0.14.2
Apache-2.0
pypigrpciopypi:grpcio
1 Occurrence1.70.0
Apache-2.0
pypigrpcio-statuspypi:grpcio-status
1 Occurrence1.62.3
Apache-2.0
pypigunicornpypi:gunicorn
1 Occurrence23.0.0
MIT
pypihf-xetpypi:hf-xet
1 Occurrence1.1.5
Apache-2.0
pypihpackpypi:hpack
1 Occurrence4.0.0
MIT
pypihttpcorepypi:httpcore
1 Occurrence1.0.9
BSD-3-Clause
pypihttpxpypi:httpx
1 Occurrence0.28.1
BSD-3-Clause
pypihttpx-ssepypi:httpx-sse
1 Occurrence0.4.1
MIT
pypihuggingface-hubpypi:huggingface-hub
1 Occurrence0.33.1
Apache-2.0 · non-standard
pypihumanfriendlypypi:humanfriendly
1 Occurrence10.0
MIT
pypihypercornpypi:hypercorn
1 Occurrence0.15.0
MIT
pypihyperframepypi:hyperframe
1 Occurrence6.0.1
MIT
pypiidentifypypi:identify
1 Occurrence2.6.14
MIT
pypiimagesizepypi:imagesize
1 Occurrence1.4.1
MIT
pypiimportlib-metadatapypi:importlib-metadata
1 Occurrence7.1.0
Apache-2.0 · non-standard
pypiiniconfigpypi:iniconfig
1 Occurrence2.1.0
MIT
pypiisodatepypi:isodate
1 Occurrence0.7.2
non-standard
pypijiterpypi:jiter
1 Occurrence0.9.1
MIT
pypijmespathpypi:jmespath
1 Occurrence1.0.1
MIT
npmjs-tokensnpm:js-tokens
1 Occurrence4.0.0
MIT
pypijsonschemapypi:jsonschema
1 Occurrence4.23.0
MIT
pypijsonschema-specificationspypi:jsonschema-specifications
1 Occurrence2023.12.1
MIT
pypilangfusepypi:langfuse
1 Occurrence2.54.1
MIT
pypilicense-expressionpypi:license-expression
1 Occurrence30.4.4
Apache-2.0
pypilitellm-proxy-extraspypi:litellm-proxy-extras
1 Occurrence0.2.10
Not reported
npmloose-envifynpm:loose-envify
1 Occurrence1.4.0
MIT
pypimarkdown-it-pypypi:markdown-it-py
1 Occurrence3.0.0
MIT
pypimarkupsafepypi:markupsafe
1 Occurrence2.1.5
BSD-3-Clause · non-standard
pypimccabepypi:mccabe
1 Occurrence0.7.0
non-standard
pypimdurlpypi:mdurl
1 Occurrence0.1.2
MIT
pypiml-dtypespypi:ml-dtypes
1 Occurrence0.4.1
non-standard
pypimsalpypi:msal
1 Occurrence1.32.3
MIT
pypimsal-extensionspypi:msal-extensions
1 Occurrence1.3.0
MIT
pypimultidictpypi:multidict
1 Occurrence6.1.0
Apache-2.0
pypimypypypi:mypy
1 Occurrence1.14.1
MIT
pypimypy-extensionspypi:mypy-extensions
1 Occurrence1.1.0
MIT
pypinodeenvpypi:nodeenv
1 Occurrence1.9.1
non-standard
pypinumpypypi:numpy
2 Occurrences1.26.4 · 2.3.1
0BSD AND BSD-3-Clause AND CC0-1.0 AND MIT AND Zlib · non-standard

This page displays 120 of 210 ordered rows. The machine-readable dossier retains the complete exact projection.

OSV

Related OSV records

GHSA-248v-346w-9cwc

Certifi removes GLOBALTRUST root certificate

1 repository10 Jun 2026
GHSA-2c2j-9gv5-cj73

Starlette has possible denial-of-service vector when parsing large files in multipart forms

4 repositories07 Jul 2026
GHSA-2fqr-mr3j-6wp8

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

9 repositories13 Jul 2026
GHSA-2vrm-gr82-f7m5

AIOHTTP has CRLF injection through multipart part content type header construction

9 repositories13 Jul 2026
GHSA-2xpw-w6gg-jr37

urllib3 streaming API improperly handles highly compressed data

13 repositories07 Jul 2026
GHSA-38jv-5279-wg99

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

13 repositories07 Jul 2026
GHSA-3936-cmfr-pm3m

Black: Arbitrary file writes from unsanitized user input in cache file name

1 repository13 Jul 2026
GHSA-3wq7-rqq7-wx6j

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

9 repositories13 Jul 2026
GHSA-48p4-8xcf-vxj5

urllib3 does not control redirects in browsers and Node.js

7 repositories07 Jul 2026
GHSA-4fvr-rgm6-gqmc

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

9 repositories13 Jul 2026
GHSA-4m7w-qmgq-4wj5

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

9 repositories27 Jun 2026
GHSA-4xgf-cpjx-pc3j

pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

2 repositories08 Jul 2026
GHSA-4xpc-pv4p-pm3w

LiteLLM: Authentication Bypass via Host Header Injection

4 repositories18 Jul 2026
GHSA-5239-wwwm-4pmq

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

13 repositories13 Jul 2026
GHSA-537c-gmf6-5ccf

Vulnerable OpenSSL included in cryptography wheels

7 repositories16 Jun 2026
GHSA-53mr-6c8q-9789

LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

4 repositories13 Jul 2026
GHSA-54jq-c3m8-4m76

AIOHTTP vulnerable to brute-force leak of internal static file path components

7 repositories07 Jul 2026
GHSA-597g-3phw-6986

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

6 repositories07 Jul 2026
GHSA-59g5-xgcq-4qw3

Denial of service (DoS) via deformation `multipart/form-data` boundary

1 repository07 Jul 2026
GHSA-5rvq-cxj2-64vf

python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service

5 repositories13 Jul 2026
GHSA-63hf-3vf5-4wqf

AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

9 repositories16 Jul 2026
GHSA-63hw-fmq6-xxg2

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

9 repositories13 Jul 2026
GHSA-63vm-454h-vhhq

pyasn1 has a DoS vulnerability in decoder

7 repositories07 Jul 2026
GHSA-65pc-fj4g-8rjx

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

17 repositories08 Jul 2026
GHSA-69f9-5gxw-wvc2

AIOHTTP's unicode processing of header values could cause parsing discrepancies

7 repositories07 Jul 2026
GHSA-69x8-hrgq-fjj8

LiteLLM: Password hash exposure and pass-the-hash authentication bypass

4 repositories17 Apr 2026
GHSA-6jhg-hg63-jvvf

AIOHTTP vulnerable to denial of service through large payloads

7 repositories07 Jul 2026
GHSA-6jv3-5f52-599m

python-multipart: Semicolon treated as querystring field separator enables parameter smuggling

5 repositories13 Jul 2026
GHSA-6mq8-rvhq-8wgg

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

7 repositories07 Jul 2026
GHSA-6w46-j5rx-g56g

pytest has vulnerable tmpdir handling

6 repositories07 Jul 2026
GHSA-752w-5fwx-jx9f

PyJWT accepts unknown `crit` header extensions

2 repositories08 Jun 2026
GHSA-79v4-65xg-pq4g

Vulnerable OpenSSL included in cryptography wheels

3 repositories07 Jul 2026
GHSA-7f5h-v6xp-fcq8

Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

5 repositories07 Jul 2026
GHSA-7gcm-g887-7qv7

protobuf affected by a JSON recursion depth bypass

10 repositories07 Jul 2026
GHSA-82w8-qh3p-5jfq

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

8 repositories27 Jun 2026
GHSA-847f-9342-265h

h2 allows HTTP Request Smuggling due to illegal characters in headers

1 repository07 Jul 2026
GHSA-86qp-5c8j-p5mr

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

8 repositories10 Jul 2026
GHSA-8qvm-5x2c-j2w7

protobuf-python has a potential Denial of Service issue

3 repositories07 Jul 2026
GHSA-9548-qrrj-x5pj

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

4 repositories07 Jul 2026
GHSA-966j-vmvw-g2g9

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

9 repositories13 Jul 2026
GHSA-993g-76c3-p5m4

PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes

2 repositories16 Jun 2026
GHSA-9h52-p55h-vw2f

Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

2 repositories16 Jul 2026
GHSA-9hjg-9r4m-mvj7

Requests vulnerable to .netrc credentials leak via malicious URLs

7 repositories07 Jul 2026
GHSA-9wx4-h78v-vm56

Requests `Session` object does not verify requests after making first request with verify=False

1 repository07 Jul 2026
GHSA-9x8q-7h8h-wcw9

aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

9 repositories13 Jul 2026
GHSA-c427-h43c-vf67

AIOHTTP accepts duplicate Host headers

9 repositories13 Jul 2026
GHSA-cpwx-vrp4-4pq7

Jinja2 vulnerable to sandbox breakout through attr filter selecting format method

2 repositories07 Jul 2026
GHSA-f96h-pmfr-66vw

Starlette Denial of service (DoS) via multipart/form-data

1 repository07 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): kiva-llm-gateway — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-7781/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools