landeshauptstadt-muenchen/f-13-ragThis dossier retains 29 exact component occurrences from 5 published evidence files at one immutable repository commit.
Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.
project ID + commit SHA + exact evidence pathEvery file remains tied to the observed commit. A parse error stays visible and never becomes a zero.
pypi:transformers4.57.325 OSV records returnedpypi:torch2.7.1 · 2.9.1+cpu23 OSV records returnedpypi:openai2.12.0pypi:sentence-transformers5.2.0pypi:accelerate1.12.0pypi:tokenizers0.22.1pypi:scikit-learn1.8.0HuggingFace transformers vulnerable to remote code execution
13 Jul 2026PyTorch susceptible to local Denial of Service
10 Jun 2026Transformers is vulnerable to ReDoS attack through its DonutProcessor class
07 Jul 2026Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
07 Jul 2026PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
04 Feb 2026Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
07 Jul 2026HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class
13 Jul 2026Transformers Regular Expression Denial of Service (ReDoS) vulnerability
07 Jul 2026PyTorch Improper Resource Shutdown or Release vulnerability
14 Jul 2026Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability
07 Jul 2026PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument
09 Jun 2026PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function
10 Jun 2026huggingface/transformers: Arbitrary Code Execution During Model Initialization in the LightGlue Model Loading Path
17 Jul 2026Transformers Regular Expression Denial of Service (ReDoS) vulnerability
07 Jul 2026Deserialization of Untrusted Data in Hugging Face Transformers
10 Jun 2026Transformers vulnerable to ReDoS attack through its get_imports() function
07 Jul 2026Transformers's Improper Input Validation vulnerability can be exploited through username injection
07 Jul 2026Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking
07 Jul 2026PyTorch is vulnerable to memory corruption through its torch.lstm_cell function
10 Jun 2026Hugging Face Transformers Regular Expression Denial of Service
10 Jun 2026Deserialization of Untrusted Data in Hugging Face Transformers
10 Jun 2026Hugging Face Transformers library has Regular Expression Denial of Service
07 Jul 2026PyTorch is vulnerable to memory corruption through its torch.jit.script function
17 Jul 2026PyTorch is vulnerable to memory corruption through its unpack_sequence function
10 Jun 2026Deserialization of Untrusted Data in Hugging Face Transformers
10 Jun 2026PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module
10 Jun 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
20 May 2026Not reported
21 May 2026Not reported
21 May 2026Not reported
21 May 2026Not reported
21 May 2026Not reported
21 May 2026Not reported
21 May 2026Not reported
21 May 2026Not reported
21 May 2026Not reported
21 May 2026Not reported
13 Jul 2026The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.
Retrieval, parsing, matching and publishing use no generative AI model.i6eal (2026): F13-RAG — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-8712/
We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.
These tools complement the current result.