github.com/charmbracelet/soft-serve
Go | 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/charmbracelet/soft-serve (page 1 of 1)
- CVE-2023-43809 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.6.2 | 2023-10-04
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH…
- CVE-2024-41956 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 0.7.5 | 2024-08-01
Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is…
- CVE-2025-58355 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 0.10.0 | 2025-09-04
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0.
- CVE-2025-64494 | MEDIUM | CVSS 4.6 | EG 4.6 | ✓ Fixed in 0.11.0 | 2025-11-08
Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data (e.g. names) and ANSI escape sequences are not being removed, which can then be used, for e…
- CVE-2025-64522 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.11.1 | 2025-11-10
Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, priv…
- CVE-2026-24058 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.11.3 | 2026-01-22
Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user (including admin) by "offering" the victim's publi…