pkg:Go/github.com/filebrowser/filebrowser/v2

49 total CVEs: CRITICAL 2, HIGH 17, MEDIUM 14, LOW 2

All known vulnerabilities

  • CRITICAL 9.1 CVE-2026-29188: File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
    from 0, < 2.61.1
  • CRITICAL 9.1 CVE-2026-29188: File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
    from 0, < 2.61.1
  • HIGH 8.8 CVE-2025-64523: File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser
    from 0, < 2.45.1
  • HIGH 8.8 CVE-2025-64523: File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser
    from 0, < 2.45.1
  • HIGH 8.8 CVE-2021-46398: Cross-Site Request Forgery in Filebrowser
    from 0, < 2.18.0
  • HIGH 8.8 CVE-2021-46398: Cross-Site Request Forgery in Filebrowser
    from 0, < 2.18.0
  • HIGH 8.1 CVE-2026-35607: File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands
    from 0, < 2.63.1
  • HIGH 8.1 CVE-2026-34528: File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
    from 0, < 2.62.2
  • HIGH 8.1 CVE-2026-25890: File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser
    from 0, < 2.57.1
  • HIGH 8.1 CVE-2026-25890: File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser
    from 0, < 2.57.1
  • HIGH 8.0 CVE-2025-52995: File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser
    from 0, < 2.33.10
  • HIGH 8.0 CVE-2025-52995: File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser
    from 0, < 2.33.10
  • HIGH 8.0 CVE-2025-52904: File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
    from 0, <= 2.35.0
  • HIGH 8.0 CVE-2025-52904: File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
    from 0
  • HIGH 8.0 CVE-2025-52903: filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser
    from 0, < 2.33.10
  • HIGH 8.0 CVE-2025-52903: filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser
    from 0, < 2.33.10
  • HIGH 7.6 CVE-2026-34529: File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
    from 0, < 2.62.2
  • HIGH 7.6 CVE-2025-52902: filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser
    from 0, < 2.33.7
  • HIGH 7.6 CVE-2025-52902: filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser
    from 0, < 2.33.7
  • MEDIUM 6.9 CVE-2026-34530: File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection
    from 0, < 2.62.2
  • MEDIUM 6.5 CVE-2026-32761: File Browser has an Authorization Policy Bypass in Public Share Download Flow
    from 0, < 2.62.0
  • MEDIUM 6.5 CVE-2026-32758: File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
    from 0, < 2.62.0
  • MEDIUM 6.5 CVE-2026-32758: File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
    from 0, < 2.62.0
  • MEDIUM 5.9 CVE-2025-52997: File Browser vulnerable to insecure password handling
    from 0, < 2.34.1
  • MEDIUM 5.9 CVE-2025-52997: File Browser vulnerable to insecure password handling
    from 0, < 2.34.1
  • MEDIUM 5.5 CVE-2025-52900: filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser
    from 0, < 2.33.7
  • MEDIUM 5.5 CVE-2025-52900: filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser
    from 0, < 2.33.7
  • MEDIUM 5.4 CVE-2026-25889: File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser
    from 0, < 2.57.1
  • MEDIUM 5.4 CVE-2026-25889: File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser
    from 0, < 2.57.1
  • MEDIUM 5.3 CVE-2026-23849: File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
    from 0, < 2.55.0
  • MEDIUM 5.3 CVE-2026-23849: File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
    from 0, < 2.55.0
  • MEDIUM 4.5 CVE-2025-52901: File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
    from 0, < 2.33.9
  • MEDIUM 4.5 CVE-2025-52901: File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
    from 0, < 2.33.9
  • LOW 3.1 CVE-2025-52996: File Browser's password protection of links is bypassable
    from 0, <= 2.42.1
  • LOW 3.1 CVE-2025-52996: File Browser's password protection of links is bypassable
    from 0
  • CVE-2026-35606: File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check
    from 0, < 2.63.1
  • CVE-2026-35604: File Browser share links remain accessible after Share/Download permissions are revoked
    from 0, < 2.63.1
  • CVE-2026-35605: File Browser has an access rule bypass via HasPrefix without trailing separator in path matching
    from 0, < 2.63.1
  • CVE-2026-35585: File Browser has a Command Injection via Hook Runner
    >= 2.0.0-rc.1, <= 2.63.1
  • CVE-2026-32760: File Browser Signup Grants Admin When Default Permissions Include Admin
    from 0, < 2.62.0
  • CVE-2026-32760: File Browser Signup Grants Admin When Default Permissions Include Admin
    from 0, < 2.62.0
  • CVE-2026-32759: File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
    from 0
  • CVE-2026-32759: File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
    from 0, <= 2.61.1
  • CVE-2026-28492: FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory
    from 0, < 2.61.0
  • CVE-2026-28492: FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory
    from 0, < 2.61.0
  • CVE-2025-53893: File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser
    >= 2.0.0-rc.1
  • CVE-2025-53893: File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser
  • CVE-2025-53826: File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
    from 0, <= 2.39.0
  • CVE-2025-53826: File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
    from 0