soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import
Critical severity
GitHub Reviewed
Published
Mar 5, 2026
in
charmbracelet/soft-serve
•
Updated Mar 9, 2026
Give feedback on Dependabot alerts