github.com/charmbracelet/soft-serve vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-33353Highgithub.com/charmbracelet/soft-serve: In Soft Serve, an authenticated repo import can clone server-local private repositoriesCVE-2026-30832Criticalgithub.com/charmbracelet/soft-serve: soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo importCVE-2026-24058Highgithub.com/charmbracelet/soft-serve: Soft Serve Affected by an Authentication BypassCVE-2026-22253Mediumgithub.com/charmbracelet/soft-serve: Soft Serve is missing an authorization check in LFS lock deletionCVE-2025-64522Criticalgithub.com/charmbracelet/soft-serve: Soft Serve is vulnerable to SSRF through its WebhooksCVE-2025-64494Mediumgithub.com/charmbracelet/soft-serve: Soft Serve does not sanitize ANSI escape sequences in user inputCVE-2025-58355Highgithub.com/charmbracelet/soft-serve: Soft Serve vulnerable to arbitrary file writing through SSH APICVE-2025-22130Mediumgithub.com/charmbracelet/soft-serve: Soft Serve vulnerable to path traversal attacksCVE-2024-41956Highgithub.com/charmbracelet/soft-serve: soft-serve vulnerable to arbitrary code execution by crafting git-lfs requestsCVE-2023-43809Highgithub.com/charmbracelet/soft-serve: Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH…

Stop the waste.
Protect your environment with Kodem.