← Back to the AI Dependency AtlasExact repository supply-chain dossier

F13-RAG

landeshauptstadt-muenchen/f-13-rag
pypi

This dossier retains 29 exact component occurrences from 5 published evidence files at one immutable repository commit.

opencode:8712ddae51bb41a0project ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
29exact component occurrences
7package identities
5evidence files
48OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathrequirements-dev.txt
Format
exact-manifest-pin
Parser state
parsed
Resolved components
7
Open exact source ↗
Evidence pathrequirements-gpu.in
Format
exact-manifest-pin
Parser state
parsed
Resolved components
1
Open exact source ↗
Evidence pathrequirements-gpu.txt
Format
exact-manifest-pin
Parser state
parsed
Resolved components
7
Open exact source ↗
Evidence pathrequirements-testing.txt
Format
exact-manifest-pin
Parser state
parsed
Resolved components
7
Open exact source ↗
Evidence pathrequirements.txt
Format
exact-manifest-pin
Parser state
parsed
Resolved components
7
Open exact source ↗
Observed relations

Package identities at this commit

pypiTransformerspypi:transformers
4 Occurrences4.57.3
Apache-2.025 OSV records returned
pypiPyTorchpypi:torch
5 Occurrences2.7.1 · 2.9.1+cpu
BSD-3-Clause23 OSV records returned
pypiOpenAI SDKpypi:openai
4 Occurrences2.12.0
Apache-2.0
pypiSentence Transformerspypi:sentence-transformers
4 Occurrences5.2.0
Apache-2.0
pypiAcceleratepypi:accelerate
4 Occurrences1.12.0
non-standard
pypiHugging Face Tokenizerspypi:tokenizers
4 Occurrences0.22.1
non-standard
pypiscikit-learnpypi:scikit-learn
4 Occurrences1.8.0
BSD-3-Clause · non-standard
OSV

Related OSV records

GHSA-29pf-2h5f-8g72

HuggingFace transformers vulnerable to remote code execution

8 repositories13 Jul 2026
GHSA-3749-ghw9-m3mg

PyTorch susceptible to local Denial of Service

3 repositories10 Jun 2026
GHSA-37mw-44qp-f5jm

Transformers is vulnerable to ReDoS attack through its DonutProcessor class

2 repositories07 Jul 2026
GHSA-4w7r-h757-3r74

Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer

2 repositories07 Jul 2026
GHSA-53q9-r3pm-6pq6

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

1 repository04 Feb 2026
GHSA-59p9-h35m-wg4g

Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer

2 repositories07 Jul 2026
GHSA-69w3-r845-3855

HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class

8 repositories13 Jul 2026
GHSA-6rvg-6v2m-4j46

Transformers Regular Expression Denial of Service (ReDoS) vulnerability

1 repository07 Jul 2026
GHSA-887c-mr87-cxwp

PyTorch Improper Resource Shutdown or Release vulnerability

7 repositories14 Jul 2026
GHSA-9356-575x-2w9m

Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

2 repositories07 Jul 2026
GHSA-c678-jfcj-6jmf

PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument

2 repositories09 Jun 2026
GHSA-f4hp-rmr7-r7v8

PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function

2 repositories10 Jun 2026
GHSA-fgcw-684q-jj6r

huggingface/transformers: Arbitrary Code Execution During Model Initialization in the LightGlue Model Loading Path

8 repositories17 Jul 2026
GHSA-fpwr-67px-3qhx

Transformers Regular Expression Denial of Service (ReDoS) vulnerability

1 repository07 Jul 2026
GHSA-hxxf-235m-72v3

Deserialization of Untrusted Data in Hugging Face Transformers

1 repository10 Jun 2026
GHSA-jjph-296x-mrcr

Transformers vulnerable to ReDoS attack through its get_imports() function

1 repository07 Jul 2026
GHSA-phhr-52qp-3mj4

Transformers's Improper Input Validation vulnerability can be exploited through username injection

2 repositories07 Jul 2026
GHSA-q2wp-rjmx-x6x9

Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking

1 repository07 Jul 2026
GHSA-qfhq-4f3w-5fph

PyTorch is vulnerable to memory corruption through its torch.lstm_cell function

9 repositories10 Jun 2026
GHSA-qq3j-4f4f-9583

Hugging Face Transformers Regular Expression Denial of Service

1 repository10 Jun 2026
GHSA-qxrp-vhvm-j765

Deserialization of Untrusted Data in Hugging Face Transformers

1 repository10 Jun 2026
GHSA-rcv9-qm8p-9p6j

Hugging Face Transformers library has Regular Expression Denial of Service

2 repositories07 Jul 2026
GHSA-rrmf-rvhw-rf47

PyTorch is vulnerable to memory corruption through its torch.jit.script function

10 repositories17 Jul 2026
GHSA-vgrw-7cvw-pwgx

PyTorch is vulnerable to memory corruption through its unpack_sequence function

8 repositories10 Jun 2026
GHSA-wrfc-pvp9-mr9g

Deserialization of Untrusted Data in Hugging Face Transformers

1 repository10 Jun 2026
GHSA-x3gm-94wq-g975

PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module

2 repositories10 Jun 2026
PYSEC-2025-198

Not reported

2 repositories20 May 2026
PYSEC-2025-199

Not reported

1 repository20 May 2026
PYSEC-2025-200

Not reported

1 repository20 May 2026
PYSEC-2025-201

Not reported

1 repository20 May 2026
PYSEC-2025-202

Not reported

1 repository20 May 2026
PYSEC-2025-203

Not reported

8 repositories20 May 2026
PYSEC-2025-204

Not reported

8 repositories20 May 2026
PYSEC-2025-205

Not reported

3 repositories20 May 2026
PYSEC-2025-206

Not reported

8 repositories20 May 2026
PYSEC-2025-207

Not reported

3 repositories20 May 2026
PYSEC-2025-208

Not reported

3 repositories20 May 2026
PYSEC-2025-209

Not reported

3 repositories20 May 2026
PYSEC-2025-211

Not reported

3 repositories21 May 2026
PYSEC-2025-212

Not reported

3 repositories21 May 2026
PYSEC-2025-213

Not reported

3 repositories21 May 2026
PYSEC-2025-214

Not reported

3 repositories21 May 2026
PYSEC-2025-215

Not reported

3 repositories21 May 2026
PYSEC-2025-216

Not reported

3 repositories21 May 2026
PYSEC-2025-217

Not reported

8 repositories21 May 2026
PYSEC-2025-218

Not reported

5 repositories21 May 2026
PYSEC-2026-139

Not reported

10 repositories21 May 2026
PYSEC-2026-2286

Not reported

9 repositories13 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): F13-RAG — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-8712/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools