pkg:Go/github.com/charmbracelet/soft-serve

All known vulnerabilities

• CRITICAL9.1CVE-2026-30832soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import
  >= 0.6.0, < 0.11.4
• CRITICAL9.1CVE-2026-30832soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import
  >= 0.6.0, < 0.11.4
• CRITICAL9.1CVE-2025-64522Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve
  from 0, < 0.11.1
• CRITICAL9.1CVE-2025-64522Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve
  from 0, < 0.11.1
• HIGH8.1CVE-2024-41956soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests in github.com/charmbracelet/soft-serve
  from 0, < 0.7.5
• HIGH8.1CVE-2024-41956soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests in github.com/charmbracelet/soft-serve
  from 0, < 0.7.5
• HIGH7.7CVE-2025-58355Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
  from 0, < 0.10.0
• HIGH7.7CVE-2025-58355Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
  from 0, < 0.10.0
• HIGH7.5CVE-2023-43809Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve
  from 0, < 0.6.2
• HIGH7.5CVE-2023-43809Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve
  from 0, < 0.6.2
• MEDIUM5.4CVE-2026-22253Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve
  from 0, < 0.11.2
• MEDIUM5.4CVE-2026-22253Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve
  from 0, < 0.11.2
• MEDIUM4.6CVE-2025-64494Soft Serve does not sanitize ANSI escape sequences in user input in github.com/charmbracelet/soft-serve
  from 0, < 0.11.0
• MEDIUM4.6CVE-2025-64494Soft Serve does not sanitize ANSI escape sequences in user input in github.com/charmbracelet/soft-serve
  from 0, < 0.11.0
• —CVE-2026-33353In Soft Serve, an authenticated repo import can clone server-local private repositories
  >= 0.6.0, < 0.11.6
• —CVE-2026-33353In Soft Serve, an authenticated repo import can clone server-local private repositories
  >= 0.6.0, < 0.11.6
• —CVE-2026-24058Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve
  from 0, < 0.11.3
• —CVE-2026-24058Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve
  from 0, < 0.11.3
• —CVE-2025-22130Soft Serve vulnerable to path traversal attacks in github.com/charmbracelet/soft-serve
  from 0, < 0.8.2
• —CVE-2025-22130Soft Serve vulnerable to path traversal attacks in github.com/charmbracelet/soft-serve
  from 0, < 0.8.2