3 matches found
GO-2026-4788 In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve
In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve...
GO-2025-4111 Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve
Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve...
GHSA-48GC-5J93-5CFQ Path Traversal in serve
Versions of serve prior to 10.1.2 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through relative paths, which allows attackers to access hidden folders and files. Recommendation Upgrade to version 10.1.2 or later...