CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...

MAL-2025-147480 Malicious code in rocket-server-repository-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d9a2f1cc9e19f3853a00c6425d9caededd5e2036c1d89d881d3241dd19d9160 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

GO-2025-4062 Mattermost Server exposes information stored by a web browser in github.com/mattermost/mattermost-server

Mattermost Server exposes information stored by a web browser in github.com/mattermost/mattermost-server...

GO-2025-3769 Mattermost allows authenticated users to write files to arbitrary locations in github.com/mattermost/mattermost-server

Mattermost allows authenticated users to write files to arbitrary locations in github.com/mattermost/mattermost-server...

GO-2025-3694 Mattermost Fails to Check User Access to `ExperimentalSettings` in github.com/mattermost/mattermost-server

Mattermost Fails to Check User Access to ExperimentalSettings in github.com/mattermost/mattermost-server...

GO-2025-3394 Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server

Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server...