GO-2026-4353 Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve

Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve...

GO-2026-4290 Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve

Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve...

GO-2025-4106 Soft Serve does not sanitize ANSI escape sequences in user input in github.com/charmbracelet/soft-serve

Soft Serve does not sanitize ANSI escape sequences in user input in github.com/charmbracelet/soft-serve...

GO-2025-4111 Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve

Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve...

GO-2025-3930 Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve

Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...

GO-2023-2097 Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve

Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve...

Authentication Bypass

github.com/charmbracelet/soft-serve is vulnerable to Authentication Bypass. The vulnerability exists when the public key setting allow-keyless is true which allows an attacker to perform unauthorized actions...

Privilege Escalation

github.com/charmbracelet/charm is vulnerable to privilege escalation. The vulnerability exists in the handlePostFile function in http.go due to the lack of sanitization in HTTP requests which allows an attacker to access the server...