PT-2025-45442 · Unknown · Soft Serve

Published: 2025-11-06 · Updated: 2025-11-17 · CVE-2025-64494

CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Soft Serve versions prior to 0.10.0
Description: Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.10.0 do not remove ANSI escape sequences from user-supplied data, such as names, potentially allowing the display of fake alerts. Git messages are also printed without sanitization. This could allow an attacker to inject malicious escape sequences through unsanitized input.
Recommendations: Update to version 0.10.0 or later.
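As an added example (not Soft Serve's own code), a Go sanitizer of the kind this fix calls for: it strips ESC-introduced CSI and OSC sequences and other control characters from user-supplied strings such as display names or commit messages before they are written to a terminal. The function name and sample inputs are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// StripANSI removes terminal escape sequences (ESC [ ... CSI, ESC ] ... OSC,
// and two-character ESC x escapes) plus remaining C0 control characters from s,
// keeping printable text, newlines and tabs. Hypothetical helper for illustration.
func StripANSI(s string) string {
	var b strings.Builder
	rs := []rune(s)
	for i := 0; i < len(rs); i++ {
		r := rs[i]
		if r == 0x1b { // ESC starts a sequence
			if i+1 >= len(rs) {
				break
			}
			switch rs[i+1] {
			case '[': // CSI: skip up to and including the final byte 0x40-0x7e
				i += 2
				for i < len(rs) && (rs[i] < 0x40 || rs[i] > 0x7e) {
					i++
				}
			case ']': // OSC (titles, hyperlinks): ends with BEL or ESC \
				i += 2
				for i < len(rs) && rs[i] != 0x07 && !(rs[i] == 0x1b && i+1 < len(rs) && rs[i+1] == '\\') {
					i++
				}
				if i < len(rs) && rs[i] == 0x1b {
					i++ // consume ESC; the loop's i++ consumes the backslash
				}
			default: // two-character escape such as ESC c (terminal reset)
				i++
			}
			continue
		}
		if unicode.IsControl(r) && r != '\n' && r != '\t' {
			continue // drop \r, BEL, etc., which can also overwrite or spoof output
		}
		b.WriteRune(r)
	}
	return b.String()
}

func main() {
	fmt.Printf("%q\n", StripANSI("\x1b]0;evil\x07name \x1b[1;31mALERT\x1b[0m")) // "name ALERT"
}
```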

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-64494
GHSA-FV2R-R8MP-PG48
GO-2025-4106

Affected Products

Soft Serve