pkg:Go/github.com/filebrowser/filebrowser

All known vulnerabilities

• CRITICAL9.1CVE-2026-29188File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
  from 0
• HIGH8.8CVE-2025-64523File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser
  from 0
• HIGH8.1CVE-2026-25890File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser
  from 0
• HIGH8.0CVE-2025-52995File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser
  from 0
• HIGH8.0CVE-2025-52995File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser
  from 0, <= 1.11.0
• HIGH8.0CVE-2025-52904File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
  from 0, <= 1.11.0
• HIGH8.0CVE-2025-52904File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
  from 0
• HIGH8.0CVE-2025-52903filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser
  from 0
• HIGH8.0CVE-2025-52903filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser
  from 0, <= 1.11.0
• HIGH7.6CVE-2025-52902filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser
  from 0, <= 1.11.0
• HIGH7.6CVE-2025-52902filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser
  from 0
• MEDIUM6.5CVE-2026-32761File Browser has an Authorization Policy Bypass in Public Share Download Flow
  from 0
• MEDIUM6.5CVE-2026-32758File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
  from 0
• MEDIUM5.9CVE-2025-52997File Browser vulnerable to insecure password handling
  from 0, <= 1.11.0
• MEDIUM5.9CVE-2025-52997File Browser vulnerable to insecure password handling
  from 0
• MEDIUM5.5CVE-2025-52900filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser
  from 0, <= 1.11.0
• MEDIUM5.5CVE-2025-52900filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser
  from 0
• MEDIUM5.4CVE-2026-25889File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser
  from 0
• MEDIUM5.3CVE-2026-23849File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
  from 0, <= 1.11.0
• MEDIUM5.3CVE-2026-23849File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
  from 0
• MEDIUM4.5CVE-2025-52901File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
  from 0, <= 1.11.0
• MEDIUM4.5CVE-2025-52901File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
  from 0
• LOW3.1CVE-2025-52996File Browser's password protection of links is bypassable
  from 0, <= 1.11.0
• LOW3.1CVE-2025-52996File Browser's password protection of links is bypassable
  from 0
• —CVE-2026-32760File Browser Signup Grants Admin When Default Permissions Include Admin
  from 0
• —CVE-2026-32759File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
  from 0
• —CVE-2026-28492FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory
  from 0
• —CVE-2025-53893File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser
  >= 1.0.0
• —CVE-2025-53826File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
  from 0
• —CVE-2025-53826File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
  from 0, <= 2.39.0