{"package":"aws-sam-cli","ecosystem":"conda","latest_version":"1.36.0","description":"AWS SAM CLI is a CLI tool for local development and testing of Serverless applications","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/awslabs/aws-sam-cli","repository":"https://github.com/awslabs/aws-sam-cli","downloads_weekly":327,"health":{"score":47,"risk":"high","breakdown":{"maintenance":5,"popularity":3,"security":19,"maturity":12,"community":8},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":0,"medium":3,"low":0,"details":[{"vuln_id":"CVE-2025-3048","severity":"medium","summary":"AWS SAM CLI Path Traversal allows file copy to local cache","affected_versions":"<1.134.0|=0.10.0|=0.11.0|=0.12.0|=0.13.0|=0.14.0|=0.14.1|=0.14.2|=0.15.0|=0.16.0|=0.16.1|=0.17.0|=0.18.0|=0.19.0|=0.20.0|=0.20.1|=0.21.0|=0.22.0|=0.23.0|=0.3.0|=0.30.0|=0.31.0|=0.31.1|=0.32.0|=0.33.1|=0.34.0|=0.35.0|=0.36.0|=0.37.0|=0.38.0|=0.39.0|=0.4.0|=0.40.0|=0.41.0|=0.42.0|=0.43.0|=0.44.0|=0.45.0|=0.46.0|=0.46.1|=0.46.2|=0.47.0|=0.48.0|=0.49.0|=0.5.0|=0.50.0|=0.51.0|=0.52.0|=0.53.0|=0.6.0|=0.6.1|=0.6.2|=0.7.0|=0.8.0|=0.8.1|=0.9.0|=1.0.0|=1.0.0rc1|=1.0.0rc2|=1.1.0|=1.10.0|=1.100.0|=1.101.0|=1.102.0|=1.103.0|=1.104.0|=1.105.0|=1.106.0|=1.107.0|=1.108.0|=1.109.0|=1.11.0|=1.110.0|=1.111.0|=1.112.0|=1.113.0|=1.114.0|=1.115.0|=1.116.0|=1.117.0|=1.118.0|=1.119.0|=1.12.0|=1.120.0|=1.121.0|=1.122.0|=1.123.0|=1.124.0|=1.125.0|=1.126.0|=1.127.0|=1.128.0|=1.129.0|=1.13.1|=1.13.2|=1.130.0|=1.131.0|=1.132.0|=1.133.0|=1.14.0|=1.15.0|=1.16.0|=1.17.0|=1.18.0|=1.18.1|=1.18.2|=1.19.0|=1.19.1|=1.2.0|=1.20.0|=1.21.0|=1.21.1|=1.22.0|=1.23.0|=1.24.0|=1.24.1|=1.25.0|=1.26.0|=1.27.0|=1.27.1|=1.27.2|=1.28.0|=1.29.0|=1.3.0|=1.3.2|=1.30.0|=1.31.0|=1.32.0|=1.33.0|=1.34.1|=1.35.0|=1.36.0|=1.37.0|=1.38.0|=1.38.1|=1.39.0|=1.4.0|=1.40.0|=1.40.1|=1.41.0|=1.42.0|=1.43.0|=1.44.0|
=1.45.0|=1.46.0|=1.47.0|=1.48.0|=1.49.0|=1.50.0|=1.51.0|=1.52.0|=1.53.0|=1.54.0|=1.55.0|=1.56.0|=1.56.1|=1.57.0|=1.58.0|=1.59.0|=1.6.0|=1.6.2|=1.60.0|=1.61.0|=1.62.0|=1.63.0|=1.64.0|=1.65.0|=1.66.0|=1.67.0|=1.68.0|=1.69.0|=1.7.0|=1.70.0|=1.70.1|=1.71.0|=1.72.0|=1.73.0|=1.74.0|=1.75.0|=1.76.0|=1.77.0|=1.78.0|=1.79.0|=1.8.0|=1.80.0|=1.81.0|=1.82.0|=1.83.0|=1.84.0|=1.85.0|=1.86.0|=1.86.1|=1.87.0|=1.88.0|=1.89.0|=1.9.0|=1.90.0|=1.91.0|=1.92.0|=1.93.0|=1.94.0|=1.95.0|=1.96.0|=1.97.0|=1.98.0|=1.99.0","fixed_version":"1.134.0","source":"osv","published_at":"2025-03-31T22:36:52Z","in_kev":false,"epss_prob":0.00086,"epss_percentile":0.2473,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-3047","severity":"medium","summary":"AWS SAM CLI Path Traversal allows file copy to build container","affected_versions":"<1.133.0|=0.10.0|=0.11.0|=0.12.0|=0.13.0|=0.14.0|=0.14.1|=0.14.2|=0.15.0|=0.16.0|=0.16.1|=0.17.0|=0.18.0|=0.19.0|=0.20.0|=0.20.1|=0.21.0|=0.22.0|=0.23.0|=0.3.0|=0.30.0|=0.31.0|=0.31.1|=0.32.0|=0.33.1|=0.34.0|=0.35.0|=0.36.0|=0.37.0|=0.38.0|=0.39.0|=0.4.0|=0.40.0|=0.41.0|=0.42.0|=0.43.0|=0.44.0|=0.45.0|=0.46.0|=0.46.1|=0.46.2|=0.47.0|=0.48.0|=0.49.0|=0.5.0|=0.50.0|=0.51.0|=0.52.0|=0.53.0|=0.6.0|=0.6.1|=0.6.2|=0.7.0|=0.8.0|=0.8.1|=0.9.0|=1.0.0|=1.0.0rc1|=1.0.0rc2|=1.1.0|=1.10.0|=1.100.0|=1.101.0|=1.102.0|=1.103.0|=1.104.0|=1.105.0|=1.106.0|=1.107.0|=1.108.0|=1.109.0|=1.11.0|=1.110.0|=1.111.0|=1.112.0|=1.113.0|=1.114.0|=1.115.0|=1.116.0|=1.117.0|=1.118.0|=1.119.0|=1.12.0|=1.120.0|=1.121.0|=1.122.0|=1.123.0|=1.124.0|=1.125.0|=1.126.0|=1.127.0|=1.128.0|=1.129.0|=1.13.1|=1.13.2|=1.130.0|=1.131.0|=1.132.0|=1.14.0|=1.15.0|=1.16.0|=1.17.0|=1.18.0|=1.18.1|=1.18.2|=1.19.0|=1.19.1|=1.2.0|=1.20.0|=1.21.0|=1.21.1|=1.22.0|=1.23.0|=1.24.0|=1.24.1|=1.25.0|=1.26.0|=1.27.0|=1.27.1|=1.27.2|=1.28.0|=1.29.0|=1.3.0|=1.3.2|=1.30.0|=1.31.0|=1.32.0|=1.33.0|=1.34.1|=1.35.0|=1.36.0|=1.37.0|=1.38.0|=1.38.1|=1.39.0|=1.4.0|=1.40.0|=1.40.1|=1.41.0|=1.42.0|=1.43.0|=1.44.0|=1.45.0|=1.46.0|=1.47.0|=1.48.0
|=1.49.0|=1.50.0|=1.51.0|=1.52.0|=1.53.0|=1.54.0|=1.55.0|=1.56.0|=1.56.1|=1.57.0|=1.58.0|=1.59.0|=1.6.0|=1.6.2|=1.60.0|=1.61.0|=1.62.0|=1.63.0|=1.64.0|=1.65.0|=1.66.0|=1.67.0|=1.68.0|=1.69.0|=1.7.0|=1.70.0|=1.70.1|=1.71.0|=1.72.0|=1.73.0|=1.74.0|=1.75.0|=1.76.0|=1.77.0|=1.78.0|=1.79.0|=1.8.0|=1.80.0|=1.81.0|=1.82.0|=1.83.0|=1.84.0|=1.85.0|=1.86.0|=1.86.1|=1.87.0|=1.88.0|=1.89.0|=1.9.0|=1.90.0|=1.91.0|=1.92.0|=1.93.0|=1.94.0|=1.95.0|=1.96.0|=1.97.0|=1.98.0|=1.99.0","fixed_version":"1.133.0","source":"osv","published_at":"2025-03-31T22:36:49Z","in_kev":false,"epss_prob":0.00109,"epss_percentile":0.28867,"threat_tier":"theoretical"},{"vuln_id":"GHSA-rjc6-vm4h-85cg","severity":"medium","summary":"Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs","affected_versions":"<1.122.0|=0.10.0|=0.11.0|=0.12.0|=0.13.0|=0.14.0|=0.14.1|=0.14.2|=0.15.0|=0.16.0|=0.16.1|=0.17.0|=0.18.0|=0.19.0|=0.20.0|=0.20.1|=0.21.0|=0.22.0|=0.23.0|=0.3.0|=0.30.0|=0.31.0|=0.31.1|=0.32.0|=0.33.1|=0.34.0|=0.35.0|=0.36.0|=0.37.0|=0.38.0|=0.39.0|=0.4.0|=0.40.0|=0.41.0|=0.42.0|=0.43.0|=0.44.0|=0.45.0|=0.46.0|=0.46.1|=0.46.2|=0.47.0|=0.48.0|=0.49.0|=0.5.0|=0.50.0|=0.51.0|=0.52.0|=0.53.0|=0.6.0|=0.6.1|=0.6.2|=0.7.0|=0.8.0|=0.8.1|=0.9.0|=1.0.0|=1.0.0rc1|=1.0.0rc2|=1.1.0|=1.10.0|=1.100.0|=1.101.0|=1.102.0|=1.103.0|=1.104.0|=1.105.0|=1.106.0|=1.107.0|=1.108.0|=1.109.0|=1.11.0|=1.110.0|=1.111.0|=1.112.0|=1.113.0|=1.114.0|=1.115.0|=1.116.0|=1.117.0|=1.118.0|=1.119.0|=1.12.0|=1.120.0|=1.121.0|=1.13.1|=1.13.2|=1.14.0|=1.15.0|=1.16.0|=1.17.0|=1.18.0|=1.18.1|=1.18.2|=1.19.0|=1.19.1|=1.2.0|=1.20.0|=1.21.0|=1.21.1|=1.22.0|=1.23.0|=1.24.0|=1.24.1|=1.25.0|=1.26.0|=1.27.0|=1.27.1|=1.27.2|=1.28.0|=1.29.0|=1.3.0|=1.3.2|=1.30.0|=1.31.0|=1.32.0|=1.33.0|=1.34.1|=1.35.0|=1.36.0|=1.37.0|=1.38.0|=1.38.1|=1.39.0|=1.4.0|=1.40.0|=1.40.1|=1.41.0|=1.42.0|=1.43.0|=1.44.0|=1.45.0|=1.46.0|=1.47.0|=1.48.0|=1.49.0|=1.50.0|=1.51.0|=1.52.0|=1.53.0|=1.54.0|=1.55.0|=1.56.0|=1.56.1|=1.57.0|=1.58.0
|=1.59.0|=1.6.0|=1.6.2|=1.60.0|=1.61.0|=1.62.0|=1.63.0|=1.64.0|=1.65.0|=1.66.0|=1.67.0|=1.68.0|=1.69.0|=1.7.0|=1.70.0|=1.70.1|=1.71.0|=1.72.0|=1.73.0|=1.74.0|=1.75.0|=1.76.0|=1.77.0|=1.78.0|=1.79.0|=1.8.0|=1.80.0|=1.81.0|=1.82.0|=1.83.0|=1.84.0|=1.85.0|=1.86.0|=1.86.1|=1.87.0|=1.88.0|=1.89.0|=1.9.0|=1.90.0|=1.91.0|=1.92.0|=1.93.0|=1.94.0|=1.95.0|=1.96.0|=1.97.0|=1.98.0|=1.99.0","fixed_version":"1.122.0","source":"osv","published_at":"2024-09-11T19:20:57Z","in_kev":false,"threat_tier":"unknown"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.36.0","total_count":30,"recent":["1.4.0","1.6.2","1.7.0","1.11.0","1.12.0","1.13.1","1.13.2","1.14.0","1.15.0","1.16.0","1.17.0","1.18.0","1.18.1","1.20.0","1.23.0","1.24.1","1.25.0","1.26.0","1.27.2","1.36.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-05-12 14:45:07.370000+00:00","last_published":"2025-04-22 14:57:26.254000+00:00","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.36.0","version_hint":"Update to >= 1.122.0 to fix known vulnerabilities (1.122.0 fixes only GHSA-rjc6-vm4h-85cg; CVE-2025-3047 is fixed in 1.133.0 and CVE-2025-3048 in 1.134.0, so >= 1.134.0 is needed to clear all three advisories listed here; 1.36.0 is in the affected range of each)","summary":"aws-sam-cli@1.36.0 is safe to use (health: 47/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}