← Back to the AI Dependency AtlasExact repository supply-chain dossier

ai-websearch-benchmark

datenlabor-bmz/ai-websearch-benchmark
pypi

This dossier retains 65 exact component occurrences from 1 published evidence files at one immutable repository commit.

opencode:8742cd6b854b1b40project ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
65exact component occurrences
65package identities
1evidence file
69OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathuv.locksha256:b8f9651f03205e9719be196d83af006415043f761f2f02bcde0cac7b36f8dca7
Format
uv-lock
Parser state
parsed
Resolved components
65
Open exact source ↗
Observed relations

Package identities at this commit

pypiLangChain Corepypi:langchain-core
1 Occurrence1.2.7
MIT7 OSV records returned
pypiLangChain Communitypypi:langchain-community
1 Occurrence0.4.1
MIT4 OSV records returned
pypiLangChainpypi:langchain
1 Occurrence1.2.6
MIT3 OSV records returned
pypiLangGraphpypi:langgraph
1 Occurrence1.0.6
MIT2 OSV records returned
pypiLangChain OpenAIpypi:langchain-openai
1 Occurrence1.1.7
MIT1 OSV record returned
pypiOpenAI SDKpypi:openai
1 Occurrence2.15.0
Apache-2.0
pypiLangChain · Linkuppypi:langchain-linkup
1 Occurrence0.1.7
MIT
pypiLangChain · Tavilypypi:langchain-tavily
1 Occurrence0.2.17
MIT
pypitiktokenpypi:tiktoken
1 Occurrence0.12.0
non-standard
pypiaiohttppypi:aiohttp
1 Occurrence3.13.3
Apache-2.0 · Apache-2.0 AND MIT30 OSV records returned
pypiurllib3pypi:urllib3
1 Occurrence2.6.3
MIT7 OSV records returned
pypilangsmithpypi:langsmith
1 Occurrence0.6.4
MIT3 OSV records returned
pypirequestspypi:requests
1 Occurrence2.32.5
Apache-2.03 OSV records returned
pypicertifipypi:certifi
1 Occurrence2026.1.4
MPL-2.01 OSV record returned
pypih11pypi:h11
1 Occurrence0.16.0
MIT1 OSV record returned
pypiidnapypi:idna
1 Occurrence3.11
BSD-3-Clause · non-standard1 OSV record returned
pypilangchain-classicpypi:langchain-classic
1 Occurrence1.0.1
MIT1 OSV record returned
pypilangchain-text-splitterspypi:langchain-text-splitters
1 Occurrence1.1.0
MIT1 OSV record returned
pypilanggraph-checkpointpypi:langgraph-checkpoint
1 Occurrence4.0.0
MIT1 OSV record returned
pypilanggraph-sdkpypi:langgraph-sdk
1 Occurrence0.3.3
MIT1 OSV record returned
pypimarshmallowpypi:marshmallow
1 Occurrence3.26.2
MIT1 OSV record returned
pypiorjsonpypi:orjson
1 Occurrence3.11.5
Apache-2.0 OR MIT · MPL-2.0 AND (Apache-2.0 OR MIT)1 OSV record returned
pypipydantic-settingspypi:pydantic-settings
1 Occurrence2.12.0
MIT1 OSV record returned
pypipython-dotenvpypi:python-dotenv
1 Occurrence1.2.1
BSD-3-Clause1 OSV record returned
pypitqdmpypi:tqdm
1 Occurrence4.67.1
MIT AND MPL-2.01 OSV record returned
pypiaiohappyeyeballspypi:aiohappyeyeballs
1 Occurrence2.6.1
PSF-2.0
pypiaiosignalpypi:aiosignal
1 Occurrence1.4.0
Apache-2.0
pypiannotated-typespypi:annotated-types
1 Occurrence0.7.0
MIT
pypianyiopypi:anyio
1 Occurrence4.12.1
MIT
pypiattrspypi:attrs
1 Occurrence25.4.0
MIT
pypicharset-normalizerpypi:charset-normalizer
1 Occurrence3.4.4
MIT
pypicoloramapypi:colorama
1 Occurrence0.4.6
non-standard
pypidataclasses-jsonpypi:dataclasses-json
1 Occurrence0.6.7
MIT
pypidistropypi:distro
1 Occurrence1.9.0
Apache-2.0
pypifrozenlistpypi:frozenlist
1 Occurrence1.8.0
Apache-2.0
pypigreenletpypi:greenlet
1 Occurrence3.3.0
MIT · MIT AND PSF-2.0 · MIT AND Python-2.0
pypihttpcorepypi:httpcore
1 Occurrence1.0.9
BSD-3-Clause
pypihttpxpypi:httpx
1 Occurrence0.28.1
BSD-3-Clause
pypihttpx-ssepypi:httpx-sse
1 Occurrence0.4.3
MIT
pypijiterpypi:jiter
1 Occurrence0.12.0
MIT
pypijsonpatchpypi:jsonpatch
1 Occurrence1.33
non-standard
pypijsonpointerpypi:jsonpointer
1 Occurrence3.0.0
non-standard
pypilanggraph-prebuiltpypi:langgraph-prebuilt
1 Occurrence1.0.6
MIT
pypilinkup-sdkpypi:linkup-sdk
1 Occurrence0.12.0
MIT
pypimultidictpypi:multidict
1 Occurrence6.7.0
Apache-2.0
pypimypy-extensionspypi:mypy-extensions
1 Occurrence1.1.0
MIT
pypinumpypypi:numpy
1 Occurrence2.4.1
0BSD AND BSD-3-Clause AND CC0-1.0 AND MIT AND Zlib · non-standard
pypiormsgpackpypi:ormsgpack
1 Occurrence1.12.2
Apache-2.0 OR MIT
pypipackagingpypi:packaging
1 Occurrence25.0
Apache-2.0 OR BSD-2-Clause · non-standard
pypipropcachepypi:propcache
1 Occurrence0.4.1
Apache-2.0
pypipydanticpypi:pydantic
1 Occurrence2.12.5
MIT
pypipydantic-corepypi:pydantic-core
1 Occurrence2.41.5
MIT
pypipyyamlpypi:pyyaml
1 Occurrence6.0.3
MIT
pypiregexpypi:regex
1 Occurrence2026.1.15
Apache-2.0 AND CNRI-Python · non-standard
pypirequests-toolbeltpypi:requests-toolbelt
1 Occurrence1.0.0
Apache-2.0
pypisniffiopypi:sniffio
1 Occurrence1.3.1
Apache-2.0 OR MIT
pypisqlalchemypypi:sqlalchemy
1 Occurrence2.0.46
MIT
pypitenacitypypi:tenacity
1 Occurrence9.1.2
Apache-2.0
pypityping-extensionspypi:typing-extensions
1 Occurrence4.15.0
PSF-2.0 · non-standard
pypityping-inspectpypi:typing-inspect
1 Occurrence0.9.0
MIT
pypityping-inspectionpypi:typing-inspection
1 Occurrence0.4.2
MIT
pypiuuid-utilspypi:uuid-utils
1 Occurrence0.14.0
BSD-3-Clause · non-standard
pypixxhashpypi:xxhash
1 Occurrence3.6.0
non-standard
pypiyarlpypi:yarl
1 Occurrence1.22.0
Apache-2.0
pypizstandardpypi:zstandard
1 Occurrence0.25.0
BSD-3-Clause
OSV

Related OSV records

GHSA-248v-346w-9cwc

Certifi removes GLOBALTRUST root certificate

1 repository10 Jun 2026
GHSA-2fqr-mr3j-6wp8

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

9 repositories13 Jul 2026
GHSA-2g6r-c272-w58r

LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages

2 repositories13 Jul 2026
GHSA-2vrm-gr82-f7m5

AIOHTTP has CRLF injection through multipart part content type header construction

9 repositories13 Jul 2026
GHSA-2xpw-w6gg-jr37

urllib3 streaming API improperly handles highly compressed data

13 repositories07 Jul 2026
GHSA-3644-q5cj-c5c7

LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

3 repositories13 Jul 2026
GHSA-38jv-5279-wg99

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

13 repositories07 Jul 2026
GHSA-3wq7-rqq7-wx6j

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

9 repositories13 Jul 2026
GHSA-428g-f7cq-pgp5

Marshmallow has DoS in Schema.load(many)

2 repositories07 Jul 2026
GHSA-45pg-36p6-83v9

Langchain SQL Injection vulnerability

1 repository07 Jul 2026
GHSA-48p4-8xcf-vxj5

urllib3 does not control redirects in browsers and Node.js

7 repositories07 Jul 2026
GHSA-4fvr-rgm6-gqmc

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

9 repositories13 Jul 2026
GHSA-4m7w-qmgq-4wj5

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

9 repositories27 Jun 2026
GHSA-4xgf-cpjx-pc3j

pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

2 repositories08 Jul 2026
GHSA-54jq-c3m8-4m76

AIOHTTP vulnerable to brute-force leak of internal static file path components

7 repositories07 Jul 2026
GHSA-5chr-fjjv-38qv

langchain-core allows unauthorized users to read arbitrary files from the host file system

1 repository07 Jul 2026
GHSA-63hf-3vf5-4wqf

AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

9 repositories16 Jul 2026
GHSA-63hw-fmq6-xxg2

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

9 repositories13 Jul 2026
GHSA-65pc-fj4g-8rjx

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

17 repositories08 Jul 2026
GHSA-69f9-5gxw-wvc2

AIOHTTP's unicode processing of header values could cause parsing discrepancies

7 repositories07 Jul 2026
GHSA-6jhg-hg63-jvvf

AIOHTTP vulnerable to denial of service through large payloads

7 repositories07 Jul 2026
GHSA-6mq8-rvhq-8wgg

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

7 repositories07 Jul 2026
GHSA-6qv9-48xg-fc7f

LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates

1 repository07 Jul 2026
GHSA-926x-3r5x-gfhw

LangChain has incomplete f-string validation in prompt templates

2 repositories13 Jul 2026
GHSA-9548-qrrj-x5pj

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

4 repositories07 Jul 2026
GHSA-966j-vmvw-g2g9

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

9 repositories13 Jul 2026
GHSA-9hjg-9r4m-mvj7

Requests vulnerable to .netrc credentials leak via malicious URLs

7 repositories07 Jul 2026
GHSA-9wx4-h78v-vm56

Requests `Session` object does not verify requests after making first request with verify=False

1 repository07 Jul 2026
GHSA-9x8q-7h8h-wcw9

aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

9 repositories13 Jul 2026
GHSA-c427-h43c-vf67

AIOHTTP accepts duplicate Host headers

9 repositories13 Jul 2026
GHSA-c67j-w6g6-q2cm

LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

1 repository02 Jul 2026
GHSA-f4xh-w4cj-qxq8

LangSmith SDK TracingMiddleware: Arbitrary server-side file read

1 repository08 Jul 2026
GHSA-fh55-r93g-j68g

AIOHTTP Vulnerable to Cookie Parser Warning Storm

7 repositories07 Jul 2026
GHSA-fjqc-hq36-qh5p

LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading

1 repository13 Jul 2026
GHSA-fv5p-p927-qmxr

LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

1 repository06 Jun 2026
GHSA-g3cq-j2xw-wf74

aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

9 repositories13 Jul 2026
GHSA-g48c-2wqr-h844

LangGraph checkpoint loading has unsafe msgpack deserialization

3 repositories06 Jun 2026
GHSA-g7vv-2v7x-gj9p

tqdm CLI arguments injection attack

1 repository07 Jul 2026
GHSA-g84x-mcqj-x9qq

AIOHTTP vulnerable to DoS through chunked messages

7 repositories07 Jul 2026
GHSA-gc5v-m9x4-r6x2

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

15 repositories13 Jul 2026
GHSA-gm62-xv2j-4w53

urllib3 allows an unbounded number of links in the decompression chain

13 repositories07 Jul 2026
GHSA-gr75-jv2w-4656

LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

4 repositories13 Jul 2026
GHSA-hcc4-c3v8-rx92

AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector

9 repositories13 Jul 2026
GHSA-hg6j-4rv6-33pg

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

9 repositories13 Jul 2026
GHSA-hpj7-wq8m-9hgp

aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

9 repositories13 Jul 2026
GHSA-hx9q-6w63-j58v

orjson does not limit recursion for deeply nested JSON documents

4 repositories10 Jun 2026
GHSA-jg22-mg44-37j8

AIOHTTP is Vulnerable to Deserialization of Untrusted Data

9 repositories13 Jul 2026
GHSA-jj3x-wxrx-4x23

AIOHTTP vulnerable to DoS when bypassing asserts

7 repositories07 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): ai-websearch-benchmark — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-8742/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools