Serverless Framework 命令注入漏洞

Serverless Framework is a cloud service hosting tool from Serverless open source. A command injection vulnerability exists in Serverless Framework versions 4.29.0 through prior to 4.29.3, which stems from improper cleanup of input parameters to childprocess.exec, which could lead to remote code...

CVE-2025-67718

Form.io exposes a path-handling vulnerability that can let unauthenticated/unauthorized requests access protected API endpoints by sending crafted request paths. Affected versions: 3.5.6 and earlier, and 4.0.0-rc.1 through 4.4.2. Impact is data exposure from endpoints that should be protected. Fi...

EUVD-2025-200178

Malicious code in @wxi-dev/serverless-tsc-config npm...

MAL-2025-191536 Malicious code in @wxi-dev/serverless-tsc-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2044be2f48924b1fbab5515839d24440bd12b3d7df98de95a6b0881665ab3f94 The package @wxi-dev/serverless-tsc-config was found to contain malicious code. Source: ghsa-malware...

com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.4), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=4.0.2 <=5.0.6) +77 more potentially affected by CVE-2025-64775 +1 more via org.apache.struts:struts2-core (>=6.0.0 <=6.7.4)

org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =4.0.2, =4.0.2, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2025-64775, CVE-2025-66675https://vulne...

com.amazonaws.serverless:aws-serverless-java-container-struts2 (>=1.2 <=1.8.2), com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.2.0-RELEASE) +164 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=2.5.1 <=2.5.33)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.2, =1.0.3-RELEASE, =1.1.9, =0.0.1, =6.0.0, =2.5.1, =2.5.1, =4.0.1 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =4.0.3 - com.jgeppert.struts2.jquery:struts2-jquery-datatables-plugin =4.0.3 -...

MAL-2025-191373 Malicious code in @voiceflow/serverless-plugin-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7250284d7c2e88d5fb38f55fabf16f35b8da97c4e888154f7f275f2bef975251 The package @voiceflow/serverless-plugin-typescript was found to contain malicious code. Source: google-open-source-security...

EUVD-2025-199389

Malicious code in @voiceflow/serverless-plugin-typescript npm...

GraphFaaS: Serverless GNN Inference for Burst-Resilient, Real-Time Intrusion Detection

Provenance-based intrusion detection is an increasingly popular application of graphical machine learning in cybersecurity, where system activities are modeled as provenance graphs to capture causality and correlations among potentially malicious actions. Graph Neural Networks GNNs have...

Malicious code in fusion-geckodriver-server-less-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 958176f41f08e2a4e088ec62423745c59475d2e9e76c5efe48941dde7761aa9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Advanced Serverless Security: Zero Trust Implementation with AI-Powered Threat Detection

Serverless architectures have fundamentally altered the cybersecurity landscape, creating attack vectors that traditional security models cannot address. After…...

The Hidden Dangers of Public Serverless Repositories: An Empirical Security Assessment

Serverless computing has rapidly emerged as a prominent cloud paradigm, enabling developers to focus solely on application logic without the burden of managing servers or underlying infrastructure. Public serverless repositories have become key to accelerating the development of serverless...

EUVD-2021-2069

Malware in sbrugna...

EUVD-2021-26986

Malware in sbrugna...

EUVD-2024-0757

Malicious code in bioql PyPI...

EUVD-2022-2512

Malicious code in bioql PyPI...

EUVD-2024-0566

Malicious code in bioql PyPI...

EUVD-2024-0944

Malicious code in bioql PyPI...

EUVD-2024-1586

Malicious code in bioql PyPI...

EUVD-2025-31664

Malicious code in bioql PyPI...