Affected by GO-2023-2097
and 7 other vulnerabilities
GO-2023-2097: Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve
GO-2024-3019: soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests in github.com/charmbracelet/soft-serve
GO-2025-3374: Soft Serve vulnerable to path traversal attacks in github.com/charmbracelet/soft-serve
GO-2025-3930: Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
GO-2025-4106: Soft Serve does not sanitize ANSI escape sequences in user input in github.com/charmbracelet/soft-serve
GO-2025-4111: Soft Serve is vulnerable to SSRF through its Webhooks in github.com/charmbracelet/soft-serve
GO-2026-4290: Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve
GO-2026-4353: Soft Serve Affected by an Authentication Bypass in github.com/charmbracelet/soft-serve
var (
// ErrUnauthorized is returned when the user is not authorized to perform action. ErrUnauthorized = fmt.Errorf("Unauthorized")
// ErrRepoNotFound is returned when the repo is not found. ErrRepoNotFound = fmt.Errorf("Repository not found")
// ErrFileNotFound is returned when the file is not found. ErrFileNotFound = fmt.Errorf("File not found")
)
Affected by 
Documentation
¶
Source Files