← Back to the AI Dependency AtlasExact repository supply-chain dossier

density-maps

uba-ki-lab/density-maps
pypi

This dossier retains 66 exact component occurrences from 1 published evidence files at one immutable repository commit.

opencode:99981da30304236dproject ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
66exact component occurrences
66package identities
1evidence file
81OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathuv.locksha256:a3585500d962f78bc6cb14fec81c1117e03be3b4ca8961149d10c8a44c3682ed
Format
uv-lock
Parser state
parsed
Resolved components
66
Open exact source ↗
Observed relations

Package identities at this commit

pypiPyTorchpypi:torch
1 Occurrence2.10.0
BSD-3-Clause23 OSV records returned
pypiaiohttppypi:aiohttp
1 Occurrence3.13.3
Apache-2.0 · Apache-2.0 AND MIT30 OSV records returned
pypipillowpypi:pillow
1 Occurrence12.1.1
HPND · MIT-CMU15 OSV records returned
pypijinja2pypi:jinja2
1 Occurrence3.1.6
BSD-3-Clause · non-standard4 OSV records returned
pypisetuptoolspypi:setuptools
1 Occurrence82.0.1
MIT3 OSV records returned
pypifilelockpypi:filelock
1 Occurrence3.25.2
MIT · Unlicense2 OSV records returned
pypiidnapypi:idna
1 Occurrence3.11
BSD-3-Clause · non-standard1 OSV record returned
pypipygmentspypi:pygments
1 Occurrence2.19.2
BSD-2-Clause1 OSV record returned
pypipytestpypi:pytest
1 Occurrence9.0.2
MIT1 OSV record returned
pypitqdmpypi:tqdm
1 Occurrence4.67.3
MIT AND MPL-2.01 OSV record returned
pypiaiohappyeyeballspypi:aiohappyeyeballs
1 Occurrence2.6.1
PSF-2.0
pypiaiosignalpypi:aiosignal
1 Occurrence1.4.0
Apache-2.0
pypialbucorepypi:albucore
1 Occurrence0.0.24
non-standard
pypialbumentationspypi:albumentations
1 Occurrence2.0.8
non-standard
pypiannotated-typespypi:annotated-types
1 Occurrence0.7.0
MIT
pypiattrspypi:attrs
1 Occurrence25.4.0
MIT
pypicoloramapypi:colorama
1 Occurrence0.4.6
non-standard
pypicoveragepypi:coverage
1 Occurrence7.13.4
Apache-2.0
pypicuda-bindingspypi:cuda-bindings
1 Occurrence12.9.4
non-standard
pypicuda-pathfinderpypi:cuda-pathfinder
1 Occurrence1.4.2
Apache-2.0
pypifrozenlistpypi:frozenlist
1 Occurrence1.8.0
Apache-2.0
pypifsspecpypi:fsspec
1 Occurrence2026.2.0
BSD-3-Clause · non-standard
pypiiniconfigpypi:iniconfig
1 Occurrence2.3.0
MIT
pypilightningpypi:lightning
1 Occurrence2.6.1
Apache-2.0
pypilightning-utilitiespypi:lightning-utilities
1 Occurrence0.15.3
Apache-2.0
pypimarkupsafepypi:markupsafe
1 Occurrence3.0.3
BSD-3-Clause · non-standard
pypimpmathpypi:mpmath
1 Occurrence1.3.0
non-standard
pypimultidictpypi:multidict
1 Occurrence6.7.1
Apache-2.0
pypinetworkxpypi:networkx
1 Occurrence3.6.1
BSD-3-Clause · non-standard
pypinumpypypi:numpy
1 Occurrence2.4.3
0BSD AND BSD-3-Clause AND CC0-1.0 AND MIT AND Zlib · non-standard
pypinvidia-cublas-cu12pypi:nvidia-cublas-cu12
1 Occurrence12.8.4.1
non-standard
pypinvidia-cuda-cupti-cu12pypi:nvidia-cuda-cupti-cu12
1 Occurrence12.8.90
non-standard
pypinvidia-cuda-nvrtc-cu12pypi:nvidia-cuda-nvrtc-cu12
1 Occurrence12.8.93
non-standard
pypinvidia-cuda-runtime-cu12pypi:nvidia-cuda-runtime-cu12
1 Occurrence12.8.90
non-standard
pypinvidia-cudnn-cu12pypi:nvidia-cudnn-cu12
1 Occurrence9.10.2.21
non-standard
pypinvidia-cufft-cu12pypi:nvidia-cufft-cu12
1 Occurrence11.3.3.83
non-standard
pypinvidia-cufile-cu12pypi:nvidia-cufile-cu12
1 Occurrence1.13.1.3
non-standard
pypinvidia-curand-cu12pypi:nvidia-curand-cu12
1 Occurrence10.3.9.90
non-standard
pypinvidia-cusolver-cu12pypi:nvidia-cusolver-cu12
1 Occurrence11.7.3.90
non-standard
pypinvidia-cusparse-cu12pypi:nvidia-cusparse-cu12
1 Occurrence12.5.8.93
non-standard
pypinvidia-cusparselt-cu12pypi:nvidia-cusparselt-cu12
1 Occurrence0.7.1
non-standard
pypinvidia-nccl-cu12pypi:nvidia-nccl-cu12
1 Occurrence2.27.5
BSD-3-Clause · non-standard
pypinvidia-nvjitlink-cu12pypi:nvidia-nvjitlink-cu12
1 Occurrence12.8.93
non-standard
pypinvidia-nvshmem-cu12pypi:nvidia-nvshmem-cu12
1 Occurrence3.4.5
BSD-3-Clause · non-standard
pypinvidia-nvtx-cu12pypi:nvidia-nvtx-cu12
1 Occurrence12.8.90
Apache-2.0 · non-standard
pypiopencv-python-headlesspypi:opencv-python-headless
1 Occurrence4.13.0.92
Apache-2.0
pypipackagingpypi:packaging
1 Occurrence26.0
Apache-2.0 OR BSD-2-Clause · non-standard
pypipluggypypi:pluggy
1 Occurrence1.6.0
MIT
pypipropcachepypi:propcache
1 Occurrence0.4.1
Apache-2.0
pypipydanticpypi:pydantic
1 Occurrence2.12.5
MIT
pypipydantic-corepypi:pydantic-core
1 Occurrence2.41.5
MIT
pypipytest-covpypi:pytest-cov
1 Occurrence7.0.0
MIT
pypipytorch-lightningpypi:pytorch-lightning
1 Occurrence2.6.1
Apache-2.0
pypipyyamlpypi:pyyaml
1 Occurrence6.0.3
MIT
pypiruffpypi:ruff
1 Occurrence0.15.6
MIT
pypiscipypypi:scipy
1 Occurrence1.17.1
non-standard
pypisimsimdpypi:simsimd
1 Occurrence6.5.16
Apache-2.0
pypistringzillapypi:stringzilla
1 Occurrence4.6.0
Apache-2.0
pypisympypypi:sympy
1 Occurrence1.14.0
non-standard
pypitorchmetricspypi:torchmetrics
1 Occurrence1.9.0
Apache-2.0
pypitorchvisionpypi:torchvision
1 Occurrence0.25.0
non-standard
pypitritonpypi:triton
1 Occurrence3.6.0
MIT
pypitypypi:ty
1 Occurrence0.0.23
MIT
pypityping-extensionspypi:typing-extensions
1 Occurrence4.15.0
PSF-2.0 · non-standard
pypityping-inspectionpypi:typing-inspection
1 Occurrence0.4.2
MIT
pypiyarlpypi:yarl
1 Occurrence1.23.0
Apache-2.0
OSV

Related OSV records

GHSA-2fqr-mr3j-6wp8

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

9 repositories13 Jul 2026
GHSA-2vrm-gr82-f7m5

AIOHTTP has CRLF injection through multipart part content type header construction

9 repositories13 Jul 2026
GHSA-3749-ghw9-m3mg

PyTorch susceptible to local Denial of Service

3 repositories10 Jun 2026
GHSA-3wq7-rqq7-wx6j

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

9 repositories13 Jul 2026
GHSA-4fvr-rgm6-gqmc

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

9 repositories13 Jul 2026
GHSA-4m7w-qmgq-4wj5

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

9 repositories27 Jun 2026
GHSA-5239-wwwm-4pmq

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

13 repositories13 Jul 2026
GHSA-53q9-r3pm-6pq6

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

1 repository04 Feb 2026
GHSA-54jq-c3m8-4m76

AIOHTTP vulnerable to brute-force leak of internal static file path components

7 repositories07 Jul 2026
GHSA-5rjg-fvgr-3xxf

setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

2 repositories11 May 2026
GHSA-5xmw-vc9v-4wf2

Pillow has a heap buffer overflow with nested list coordinates

10 repositories13 Jul 2026
GHSA-63hf-3vf5-4wqf

AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass

9 repositories16 Jul 2026
GHSA-63hw-fmq6-xxg2

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

9 repositories13 Jul 2026
GHSA-65pc-fj4g-8rjx

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

17 repositories08 Jul 2026
GHSA-69f9-5gxw-wvc2

AIOHTTP's unicode processing of header values could cause parsing discrepancies

7 repositories07 Jul 2026
GHSA-6jhg-hg63-jvvf

AIOHTTP vulnerable to denial of service through large payloads

7 repositories07 Jul 2026
GHSA-6mq8-rvhq-8wgg

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

7 repositories07 Jul 2026
GHSA-6w46-j5rx-g56g

pytest has vulnerable tmpdir handling

6 repositories07 Jul 2026
GHSA-887c-mr87-cxwp

PyTorch Improper Resource Shutdown or Release vulnerability

7 repositories14 Jul 2026
GHSA-9548-qrrj-x5pj

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

4 repositories07 Jul 2026
GHSA-966j-vmvw-g2g9

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

9 repositories13 Jul 2026
GHSA-9x8q-7h8h-wcw9

aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

9 repositories13 Jul 2026
GHSA-c427-h43c-vf67

AIOHTTP accepts duplicate Host headers

9 repositories13 Jul 2026
GHSA-c678-jfcj-6jmf

PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument

2 repositories09 Jun 2026
GHSA-cfh3-3jmp-rvhc

Pillow affected by out-of-bounds write when loading PSD images

12 repositories13 Jul 2026
GHSA-cpwx-vrp4-4pq7

Jinja2 vulnerable to sandbox breakout through attr filter selecting format method

2 repositories07 Jul 2026
GHSA-cx63-2mw6-8hw5

setuptools vulnerable to Command Injection via package URL

1 repository07 Jul 2026
GHSA-f4hp-rmr7-r7v8

PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function

2 repositories10 Jun 2026
GHSA-fh55-r93g-j68g

AIOHTTP Vulnerable to Cookie Parser Warning Storm

7 repositories07 Jul 2026
GHSA-g3cq-j2xw-wf74

aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

9 repositories13 Jul 2026
GHSA-g7vv-2v7x-gj9p

tqdm CLI arguments injection attack

1 repository07 Jul 2026
GHSA-g84x-mcqj-x9qq

AIOHTTP vulnerable to DoS through chunked messages

7 repositories07 Jul 2026
GHSA-gmj6-6f8f-6699

Jinja has a sandbox breakout through malicious filenames

1 repository07 Jul 2026
GHSA-h75v-3vvj-5mfj

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

1 repository07 Jul 2026
GHSA-hcc4-c3v8-rx92

AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector

9 repositories13 Jul 2026
GHSA-hg6j-4rv6-33pg

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

9 repositories13 Jul 2026
GHSA-hpj7-wq8m-9hgp

aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

9 repositories13 Jul 2026
GHSA-jg22-mg44-37j8

AIOHTTP is Vulnerable to Deserialization of Untrusted Data

9 repositories13 Jul 2026
GHSA-jj3x-wxrx-4x23

AIOHTTP vulnerable to DoS when bypassing asserts

7 repositories07 Jul 2026
GHSA-m5qp-6w8w-w647

AIOHTTP has a Multipart Header Size Bypass

9 repositories13 Jul 2026
GHSA-m6qw-4cw2-hm4m

aiohttp: CRLF injection in multipart headers

9 repositories13 Jul 2026
GHSA-mqqc-3gqh-h2x8

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

7 repositories07 Jul 2026
GHSA-mwh4-6h8g-pg8w

AIOHTTP has HTTP response splitting via \r in reason phrase

9 repositories13 Jul 2026
GHSA-p998-jp59-783m

AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

9 repositories13 Jul 2026
GHSA-pwv6-vv43-88gr

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

13 repositories13 Jul 2026
GHSA-q2x7-8rv6-6q7h

Jinja has a sandbox breakout through indirect reference to format method

1 repository07 Jul 2026
GHSA-qfhq-4f3w-5fph

PyTorch is vulnerable to memory corruption through its torch.lstm_cell function

9 repositories10 Jun 2026
GHSA-qmgc-5h2g-mvrw

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

10 repositories07 Jul 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): density-maps — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-9998/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools