CRITICAL9.1CVE-2026-29188File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser from 0
HIGH8.8CVE-2025-64523File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser from 0
HIGH8.1File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser
from 0
HIGH8.0File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser
from 0
HIGH8.0File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
HIGH8.0File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
from 0
HIGH8.0File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
HIGH8.0filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser
from 0
HIGH8.0filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
HIGH7.6filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser
from 0
HIGH7.6filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
HIGH7.5File Browser has incorrect access control for public directory shares via rule path rebasing
from 0, <= 1.11.0
MEDIUM6.8File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
from 0, <= 1.11.0
MEDIUM6.5File Browser has a DoS Vulnerability via Public Login API
from 0, <= 1.11.0
MEDIUM6.5File Browser has an Authorization Policy Bypass in Public Share Download Flow in github.com/filebrowser/filebrowser
from 0
MEDIUM6.5File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter in github.com/filebrowser/filebrowser
from 0
MEDIUM5.9File Browser vulnerable to insecure password handling in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
MEDIUM5.9File Browser vulnerable to insecure password handling in github.com/filebrowser/filebrowser
from 0
MEDIUM5.5filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
MEDIUM5.5filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser
from 0
MEDIUM5.4File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser
from 0
MEDIUM5.3File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
MEDIUM5.3File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
from 0
MEDIUM4.5File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
from 0
MEDIUM4.5File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
LOW3.1File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser
from 0
LOW3.1File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser
from 0, <= 1.11.0
—File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames
from 0, <= 1.11.0
—File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
from 0, <= 1.11.0
—File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
from 0, <= 1.11.0
—File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser
from 0
—File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser
from 0
—FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory in github.com/filebrowser/filebrowser
from 0
—File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser
>= 1.0.0
—File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
from 0
—File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
from 0, <= 2.39.0