📦 Soft Serve

Soft Serve versions 0.11.2 and below have a critical authentication bypass vulnerability that allows attackers to impersonate any user, including administrators, during SSH authentication. This occurs...

Soft Serve versions before 0.11.1 have a server-side request forgery (SSRF) vulnerability where repository administrators can create webhooks that target internal services, private networks, and cloud...

CVE-2025-22130 is a path traversal vulnerability in Soft Serve Git server that allows non-admin users to access and take over other users' repositories. Attackers can modify, delete, and control repos...