Affected by GO-2025-4111 and 2 other vulnerabilities

GO-2025-4111: Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve

GO-2026-4290: Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve

GO-2026-4353: Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve

pkg/

Details

Path	Synopsis
access
backend
config
cron
daemon
db
internal/test
migrate
models
git
hooks
jobs
jwk
lfs
log
proto
ssh
cmd
sshutils
stats
storage
store
database
sync
task
test
ui
common
components/code
components/footer
components/header
components/selector
components/statusbar
components/tabs
components/viewport
keymap
pages/repo
pages/selection
styles
utils
version Package version is used to store the version of the server during runtime.	Package version is used to store the version of the server during runtime.
web
webhook