Charmbracelet Soft-serve
10 CVEs affecting Charmbracelet Soft-serve. Latest disclosed: 2026-03-24. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-30832 | Critical | 9.1 | 2026-03-07 | Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to m… |
CVE-2025-64522 | Critical | 9.1 | 2025-11-10 | Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowin… |
CVE-2024-41956 | High | 8.1 | 2024-08-01 | Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Se… |
CVE-2025-58355 | High | 7.7 | 2025-09-03 | Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled… |
CVE-2023-43809 | High | 7.5 | 2023-10-04 | Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, r… |
CVE-2026-22253 | Medium | 5.4 | 2026-01-08 | Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allows any au… |
CVE-2025-64494 | Medium | 4.6 | 2025-11-08 | Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data (e.g. names… |
CVE-2026-33353 | | 2026-03-24 | Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any aut… | |
CVE-2026-24058 | | 2026-01-22 | Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an att… | |
CVE-2025-22130 | | 2025-01-08 | Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over… |