← Back to the AI Dependency AtlasExact repository supply-chain dossier

Retrieval Evaluation

uba-ki-lab/retrieval-evaluation
pypi

This dossier retains 150 exact component occurrences from 1 published evidence files at one immutable repository commit.

opencode:7811f64bf5284329project ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
150exact component occurrences
150package identities
1evidence file
144OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathuv.locksha256:2b93eec49931aff00a2c694c2c913da38d615033ab4eb9432fdb647839db6dc5
Format
uv-lock
Parser state
parsed
Resolved components
150
Open exact source ↗
Observed relations

Package identities at this commit

pypiTransformerspypi:transformers
1 Occurrence4.57.1
Apache-2.025 OSV records returned
pypiPyTorchpypi:torch
1 Occurrence2.9.1
BSD-3-Clause23 OSV records returned
pypiAnthropic SDKpypi:anthropic
1 Occurrence0.46.0
MIT
pypiHugging Face Datasetspypi:datasets
1 Occurrence4.4.1
Apache-2.0
pypiLlamaIndex · Embeddings OpenAI Likepypi:llama-index-embeddings-openai-like
1 Occurrence0.2.2
MIT
pypiOpenAI SDKpypi:openai
1 Occurrence1.109.1
Apache-2.0
pypiHugging Face Tokenizerspypi:tokenizers
1 Occurrence0.22.1
non-standard
pypiLlamaIndex · Corepypi:llama-index-core
1 Occurrence0.14.8
MIT
pypiLlamaIndex · Vector Stores Milvuspypi:llama-index-vector-stores-milvus
1 Occurrence0.9.3
MIT
pypiMilvus Clientpypi:pymilvus
1 Occurrence2.6.3
non-standard
pypiscikit-learnpypi:scikit-learn
1 Occurrence1.7.2
BSD-3-Clause · non-standard
pypitiktokenpypi:tiktoken
1 Occurrence0.12.0
non-standard
pypiaiohttppypi:aiohttp
1 Occurrence3.13.2
Apache-2.0 · Apache-2.0 AND MIT30 OSV records returned
pypipillowpypi:pillow
1 Occurrence10.4.0
HPND · MIT-CMU15 OSV records returned
pypinltkpypi:nltk
1 Occurrence3.9.2
Apache-2.011 OSV records returned
pypiurllib3pypi:urllib3
1 Occurrence2.5.0
MIT7 OSV records returned
pypijinja2pypi:jinja2
1 Occurrence3.1.6
BSD-3-Clause · non-standard4 OSV records returned
pypirequestspypi:requests
1 Occurrence2.32.5
Apache-2.03 OSV records returned
pypisetuptoolspypi:setuptools
1 Occurrence80.9.0
MIT3 OSV records returned
pypifilelockpypi:filelock
1 Occurrence3.20.0
MIT · Unlicense2 OSV records returned
pypiprotobufpypi:protobuf
1 Occurrence6.33.1
BSD-3-Clause2 OSV records returned
pypipyasn1pypi:pyasn1
1 Occurrence0.6.1
BSD-2-Clause2 OSV records returned
pypisoupsievepypi:soupsieve
1 Occurrence2.8
MIT2 OSV records returned
pypibankspypi:banks
1 Occurrence2.2.0
MIT1 OSV record returned
pypicertifipypi:certifi
1 Occurrence2025.11.12
MPL-2.01 OSV record returned
pypiclickpypi:click
1 Occurrence8.3.1
BSD-3-Clause · non-standard1 OSV record returned
pypih11pypi:h11
1 Occurrence0.16.0
MIT1 OSV record returned
pypiidnapypi:idna
1 Occurrence3.11
BSD-3-Clause · non-standard1 OSV record returned
pypilxmlpypi:lxml
1 Occurrence6.0.2
BSD-3-Clause1 OSV record returned
pypimarkdownpypi:markdown
1 Occurrence3.10
BSD-3-Clause1 OSV record returned
pypimarshmallowpypi:marshmallow
1 Occurrence3.26.1
MIT1 OSV record returned
pypiorjsonpypi:orjson
1 Occurrence3.11.4
Apache-2.0 OR MIT · MPL-2.0 AND (Apache-2.0 OR MIT)1 OSV record returned
pypipyarrowpypi:pyarrow
1 Occurrence22.0.0
Apache-2.0 · non-standard1 OSV record returned
pypipydantic-settingspypi:pydantic-settings
1 Occurrence2.12.0
MIT1 OSV record returned
pypipygmentspypi:pygments
1 Occurrence2.19.2
BSD-2-Clause1 OSV record returned
pypipython-dotenvpypi:python-dotenv
1 Occurrence1.2.1
BSD-3-Clause1 OSV record returned
pypitqdmpypi:tqdm
1 Occurrence4.67.1
MIT AND MPL-2.01 OSV record returned
pypivirtualenvpypi:virtualenv
1 Occurrence20.35.4
MIT1 OSV record returned
pypiaiohappyeyeballspypi:aiohappyeyeballs
1 Occurrence2.6.1
PSF-2.0
pypiaiosignalpypi:aiosignal
1 Occurrence1.4.0
Apache-2.0
pypiaiosqlitepypi:aiosqlite
1 Occurrence0.21.0
MIT
pypiannotated-typespypi:annotated-types
1 Occurrence0.7.0
MIT
pypiantlr4-python3-runtimepypi:antlr4-python3-runtime
1 Occurrence4.9.3
non-standard
pypianyiopypi:anyio
1 Occurrence4.11.0
MIT
pypiargillapypi:argilla
1 Occurrence2.8.0
Apache-2.0
pypiattrspypi:attrs
1 Occurrence25.4.0
MIT
pypibeautifulsoup4pypi:beautifulsoup4
1 Occurrence4.14.2
MIT
pypicachetoolspypi:cachetools
1 Occurrence6.2.2
MIT
pypicfgvpypi:cfgv
1 Occurrence3.4.0
MIT
pypicharset-normalizerpypi:charset-normalizer
1 Occurrence3.4.4
MIT
pypicoloramapypi:colorama
1 Occurrence0.4.6
non-standard
pypidataclasses-jsonpypi:dataclasses-json
1 Occurrence0.6.7
MIT
pypideprecatedpypi:deprecated
1 Occurrence1.3.1
MIT
pypidillpypi:dill
1 Occurrence0.4.0
BSD-3-Clause
pypidirtyjsonpypi:dirtyjson
1 Occurrence1.0.8
MIT
pypidistlibpypi:distlib
1 Occurrence0.4.0
PSF-2.0
pypidistropypi:distro
1 Occurrence1.9.0
Apache-2.0
pypieinopspypi:einops
1 Occurrence0.8.1
MIT
pypifiletypepypi:filetype
1 Occurrence1.2.0
MIT
pypifrozenlistpypi:frozenlist
1 Occurrence1.8.0
Apache-2.0
pypifsspecpypi:fsspec
1 Occurrence2025.10.0
BSD-3-Clause · non-standard
pypiftfypypi:ftfy
1 Occurrence6.3.1
Apache-2.0
pypigoogle-authpypi:google-auth
1 Occurrence2.43.0
Apache-2.0
pypigoogle-genaipypi:google-genai
1 Occurrence1.50.1
Apache-2.0
pypigreenletpypi:greenlet
1 Occurrence3.2.4
MIT · MIT AND PSF-2.0 · MIT AND Python-2.0
pypigriffepypi:griffe
1 Occurrence1.15.0
ISC
pypigrpciopypi:grpcio
1 Occurrence1.76.0
Apache-2.0
pypihf-xetpypi:hf-xet
1 Occurrence1.2.0
Apache-2.0
pypihttpcorepypi:httpcore
1 Occurrence1.0.9
BSD-3-Clause
pypihttpxpypi:httpx
1 Occurrence0.28.1
BSD-3-Clause
pypihuggingface-hubpypi:huggingface-hub
1 Occurrence0.36.0
Apache-2.0 · non-standard
pypihydra-corepypi:hydra-core
1 Occurrence1.3.2
MIT
pypiidentifypypi:identify
1 Occurrence2.6.15
MIT
pypijiterpypi:jiter
1 Occurrence0.12.0
MIT
pypijoblibpypi:joblib
1 Occurrence1.5.2
BSD-3-Clause
pypillama-index-embeddings-openaipypi:llama-index-embeddings-openai
1 Occurrence0.5.1
MIT
pypillama-index-instrumentationpypi:llama-index-instrumentation
1 Occurrence0.4.2
MIT
pypillama-index-workflowspypi:llama-index-workflows
1 Occurrence2.11.1
MIT
pypimarkdown-it-pypypi:markdown-it-py
1 Occurrence4.0.0
MIT
pypimarkdown2pypi:markdown2
1 Occurrence2.5.4
MIT
pypimarkdownifypypi:markdownify
1 Occurrence1.2.2
MIT
pypimarker-pdfpypi:marker-pdf
1 Occurrence1.10.1
GPL-3.0-or-later
pypimarkupsafepypi:markupsafe
1 Occurrence3.0.3
BSD-3-Clause · non-standard
pypimdurlpypi:mdurl
1 Occurrence0.1.2
MIT
pypimilvus-litepypi:milvus-lite
1 Occurrence2.5.1
Not reported
pypimpmathpypi:mpmath
1 Occurrence1.3.0
non-standard
pypimultidictpypi:multidict
1 Occurrence6.7.0
Apache-2.0
pypimultiprocesspypi:multiprocess
1 Occurrence0.70.18
BSD-3-Clause
pypimypy-extensionspypi:mypy-extensions
1 Occurrence1.1.0
MIT
pypinest-asynciopypi:nest-asyncio
1 Occurrence1.6.0
non-standard
pypinetworkxpypi:networkx
1 Occurrence3.5
BSD-3-Clause · non-standard
pypinodeenvpypi:nodeenv
1 Occurrence1.9.1
non-standard
pypinumpypypi:numpy
1 Occurrence2.3.5
0BSD AND BSD-3-Clause AND CC0-1.0 AND MIT AND Zlib · non-standard
pypinvidia-cublas-cu12pypi:nvidia-cublas-cu12
1 Occurrence12.8.4.1
non-standard
pypinvidia-cuda-cupti-cu12pypi:nvidia-cuda-cupti-cu12
1 Occurrence12.8.90
non-standard
pypinvidia-cuda-nvrtc-cu12pypi:nvidia-cuda-nvrtc-cu12
1 Occurrence12.8.93
non-standard
pypinvidia-cuda-runtime-cu12pypi:nvidia-cuda-runtime-cu12
1 Occurrence12.8.90
non-standard
pypinvidia-cudnn-cu12pypi:nvidia-cudnn-cu12
1 Occurrence9.10.2.21
non-standard
pypinvidia-cufft-cu12pypi:nvidia-cufft-cu12
1 Occurrence11.3.3.83
non-standard
pypinvidia-cufile-cu12pypi:nvidia-cufile-cu12
1 Occurrence1.13.1.3
non-standard
pypinvidia-curand-cu12pypi:nvidia-curand-cu12
1 Occurrence10.3.9.90
non-standard
pypinvidia-cusolver-cu12pypi:nvidia-cusolver-cu12
1 Occurrence11.7.3.90
non-standard
pypinvidia-cusparse-cu12pypi:nvidia-cusparse-cu12
1 Occurrence12.5.8.93
non-standard
pypinvidia-cusparselt-cu12pypi:nvidia-cusparselt-cu12
1 Occurrence0.7.1
non-standard
pypinvidia-nccl-cu12pypi:nvidia-nccl-cu12
1 Occurrence2.27.5
BSD-3-Clause · non-standard
pypinvidia-nvjitlink-cu12pypi:nvidia-nvjitlink-cu12
1 Occurrence12.8.93
non-standard
pypinvidia-nvshmem-cu12pypi:nvidia-nvshmem-cu12
1 Occurrence3.3.20
BSD-3-Clause · non-standard
pypinvidia-nvtx-cu12pypi:nvidia-nvtx-cu12
1 Occurrence12.8.90
Apache-2.0 · non-standard
pypiomegaconfpypi:omegaconf
1 Occurrence2.3.0
BSD-3-Clause
pypiopencv-python-headlesspypi:opencv-python-headless
1 Occurrence4.11.0.86
Apache-2.0
pypipackagingpypi:packaging
1 Occurrence25.0
Apache-2.0 OR BSD-2-Clause · non-standard
pypipandaspypi:pandas
1 Occurrence2.3.3
non-standard
pypipdftextpypi:pdftext
1 Occurrence0.6.3
Apache-2.0
pypipikepdfpypi:pikepdf
1 Occurrence10.0.2
MPL-2.0
pypiplatformdirspypi:platformdirs
1 Occurrence4.5.0
MIT
pypipre-commitpypi:pre-commit
1 Occurrence4.4.0
MIT
pypipropcachepypi:propcache
1 Occurrence0.4.1
Apache-2.0
pypipyasn1-modulespypi:pyasn1-modules
1 Occurrence0.4.2
non-standard
pypipydanticpypi:pydantic
1 Occurrence2.12.4
MIT
pypipydantic-corepypi:pydantic-core
1 Occurrence2.41.5
MIT

This page displays 120 of 150 ordered rows. The machine-readable dossier retains the complete exact projection.

OSV

Related OSV records

GHSA-248v-346w-9cwc

Certifi removes GLOBALTRUST root certificate

1 repository10 Jun 2026
GHSA-29pf-2h5f-8g72

HuggingFace transformers vulnerable to remote code execution

8 repositories13 Jul 2026
GHSA-2fqr-mr3j-6wp8

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

9 repositories13 Jul 2026
GHSA-2vrm-gr82-f7m5

AIOHTTP has CRLF injection through multipart part content type header construction

9 repositories13 Jul 2026
GHSA-2wc2-fm75-p42x

Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists

4 repositories13 Jul 2026
GHSA-2xpw-w6gg-jr37

urllib3 streaming API improperly handles highly compressed data

13 repositories07 Jul 2026
GHSA-3749-ghw9-m3mg

PyTorch susceptible to local Denial of Service

3 repositories10 Jun 2026
GHSA-37mw-44qp-f5jm

Transformers is vulnerable to ReDoS attack through its DonutProcessor class

2 repositories07 Jul 2026
GHSA-38jv-5279-wg99

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

13 repositories07 Jul 2026
GHSA-3wq7-rqq7-wx6j

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

9 repositories13 Jul 2026
GHSA-428g-f7cq-pgp5

Marshmallow has DoS in Schema.load(many)

2 repositories07 Jul 2026
GHSA-469j-vmhf-r6v7

NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

3 repositories13 Jul 2026
GHSA-48p4-8xcf-vxj5

urllib3 does not control redirects in browsers and Node.js

7 repositories07 Jul 2026
GHSA-4fvr-rgm6-gqmc

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

9 repositories13 Jul 2026
GHSA-4m7w-qmgq-4wj5

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

9 repositories27 Jun 2026
GHSA-4w7r-h757-3r74

Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer

2 repositories07 Jul 2026
GHSA-4xgf-cpjx-pc3j

pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

2 repositories08 Jul 2026
GHSA-5239-wwwm-4pmq

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

13 repositories13 Jul 2026
GHSA-53q9-r3pm-6pq6

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

1 repository04 Feb 2026
GHSA-54jq-c3m8-4m76

AIOHTTP vulnerable to brute-force leak of internal static file path components

7 repositories07 Jul 2026
GHSA-597g-3phw-6986

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

6 repositories07 Jul 2026
GHSA-59p9-h35m-wg4g

Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer

2 repositories07 Jul 2026
GHSA-5rjg-fvgr-3xxf

setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

2 repositories11 May 2026
GHSA-5wmx-573v-2qwq

Python-Markdown has an Uncaught Exception

2 repositories10 Jun 2026
GHSA-5xmw-vc9v-4wf2

Pillow has a heap buffer overflow with nested list coordinates

10 repositories13 Jul 2026
GHSA-63hf-3vf5-4wqf

AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

9 repositories16 Jul 2026
GHSA-63hw-fmq6-xxg2

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

9 repositories13 Jul 2026
GHSA-63vm-454h-vhhq

pyasn1 has a DoS vulnerability in decoder

7 repositories07 Jul 2026
GHSA-65pc-fj4g-8rjx

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

17 repositories08 Jul 2026
GHSA-68j8-pq59-fqgm

NLTK has a Path Traversal issue

3 repositories10 Jun 2026
GHSA-69f9-5gxw-wvc2

AIOHTTP's unicode processing of header values could cause parsing discrepancies

7 repositories07 Jul 2026
GHSA-69w3-r845-3855

HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class

8 repositories13 Jul 2026
GHSA-6jhg-hg63-jvvf

AIOHTTP vulnerable to denial of service through large payloads

7 repositories07 Jul 2026
GHSA-6mq8-rvhq-8wgg

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

7 repositories07 Jul 2026
GHSA-6rvg-6v2m-4j46

Transformers Regular Expression Denial of Service (ReDoS) vulnerability

1 repository07 Jul 2026
GHSA-7gcm-g887-7qv7

protobuf affected by a JSON recursion depth bypass

10 repositories07 Jul 2026
GHSA-7p94-766c-hgjp

NLTK has a Zip Slip Vulnerability

3 repositories10 Jun 2026
GHSA-836r-79rf-4m37

Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser

4 repositories13 Jul 2026
GHSA-887c-mr87-cxwp

PyTorch Improper Resource Shutdown or Release vulnerability

7 repositories14 Jul 2026
GHSA-8qvm-5x2c-j2w7

protobuf-python has a potential Denial of Service issue

3 repositories07 Jul 2026
GHSA-9356-575x-2w9m

Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

2 repositories07 Jul 2026
GHSA-9548-qrrj-x5pj

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

4 repositories07 Jul 2026
GHSA-966j-vmvw-g2g9

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

9 repositories13 Jul 2026
GHSA-9hjg-9r4m-mvj7

Requests vulnerable to .netrc credentials leak via malicious URLs

7 repositories07 Jul 2026
GHSA-9wx4-h78v-vm56

Requests `Session` object does not verify requests after making first request with verify=False

1 repository07 Jul 2026
GHSA-9x8q-7h8h-wcw9

aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

9 repositories13 Jul 2026
GHSA-c427-h43c-vf67

AIOHTTP accepts duplicate Host headers

9 repositories13 Jul 2026
GHSA-c678-jfcj-6jmf

PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument

2 repositories09 Jun 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): Retrieval Evaluation — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-7811/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools