pkg:Go/github.com/charmbracelet/soft-serve

All known vulnerabilities

• CRITICAL9.1CVE-2026-30832soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import in github.com/charmbracelet/soft-serve
  >= 0.6.0, < 0.11.4
• CRITICAL9.1CVE-2026-30832soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import in github.com/charmbracelet/soft-serve
  >= 0.6.0, < 0.11.4
• CRITICAL9.1CVE-2025-64522Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve
  from 0, < 0.11.1
• CRITICAL9.1Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve
  from 0, < 0.11.1
• HIGH8.1soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests in github.com/charmbracelet/soft-serve
  from 0, < 0.7.5
• HIGH8.1soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests in github.com/charmbracelet/soft-serve
  from 0, < 0.7.5
• HIGH7.7Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
  from 0, < 0.10.0
• HIGH7.7Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
  from 0, < 0.10.0
• HIGH7.5Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve
  from 0, < 0.6.2
• HIGH7.5Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve
  from 0, < 0.6.2
• MEDIUM5.4Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve
  from 0, < 0.11.2
• MEDIUM5.4Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve
  from 0, < 0.11.2
• MEDIUM4.6Soft Serve does not sanitize ANSI escape sequences in user input in github.com/charmbracelet/soft-serve
  from 0, < 0.11.0
• MEDIUM4.6Soft Serve does not sanitize ANSI escape sequences in user input in github.com/charmbracelet/soft-serve
  from 0, < 0.11.0
• —In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve
  >= 0.6.0, < 0.11.6
• —In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve
  >= 0.6.0, < 0.11.6
• —Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve
  from 0, < 0.11.3
• —Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve
  from 0, < 0.11.3
• —Soft Serve vulnerable to path traversal attacks in github.com/charmbracelet/soft-serve
  from 0, < 0.8.2
• —Soft Serve vulnerable to path traversal attacks in github.com/charmbracelet/soft-serve
  from 0, < 0.8.2