| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33353 | Soft Serve: Authenticated repo import can clone server-local private repositories | charmbracelet | soft-serve | Medium | - | 2026-03-24 19:39:38 | Deep Dive |
| CVE-2026-30832 | Soft Serve: SSRF via unvalidated LFS endpoint in repo import | charmbracelet | soft-serve | Critical | 9.1 | 2026-03-07 15:57:39 | Deep Dive |
| CVE-2026-24058 | Soft Serve has Critical Authentication Bypass | charmbracelet | soft-serve | - | - | 2026-01-22 22:01:22 | Deep Dive |
| CVE-2026-22253 | Soft Serve is missing an authorization check in LFS lock deletion | charmbracelet | soft-serve | Medium | 5.4 | 2026-01-08 18:39:58 | Deep Dive |
| CVE-2025-64522 | Soft Serve is vulnerable to SSRF through its Webhooks | charmbracelet | soft-serve | Critical | 9.1 | 2025-11-10 22:11:19 | Deep Dive |
| CVE-2025-64494 | Soft Serve does not sanitize ANSI escape sequences in user input | charmbracelet | soft-serve | Medium | 4.6 | 2025-11-08 01:19:01 | Deep Dive |
| CVE-2025-58355 | Soft Serve is vulnerable to arbitrary file writing through its SSH API | charmbracelet | soft-serve | High | 7.7 | 2025-09-03 23:52:24 | Deep Dive |
| CVE-2025-22130 | Soft Serve allows path traversal attacks | charmbracelet | soft-serve | Medium | - | 2025-01-08 15:43:05 | Deep Dive |
| CVE-2024-41956 | Soft Serve allows arbitrary code execution by crafting git-lfs requests | charmbracelet | soft-serve | High | 8.1 | 2024-08-01 22:07:33 | Deep Dive |
| CVE-2023-43809 | Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled | charmbracelet | soft-serve | High | 7.5 | 2023-10-04 20:40:42 | Deep Dive |