Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2025-3930" }
"https://vuln.go.dev/ID/GO-2025-3930.json"