CRITICAL 9.1 CVE-2026-29188 File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser
from 0, < 2.61.1
HIGH 8.8 File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser
from 0, < 2.45.1
HIGH 8.8 Cross-site request forgery in github.com/filebrowser/filebrowser/v2
from 0, < 2.18.0
HIGH 8.1 File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands
from 0, < 2.63.1
HIGH 8.1 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
from 0, < 2.62.2
HIGH 8.1 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser
from 0, < 2.57.1
HIGH 8.0 File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser
from 0, < 2.33.10
HIGH 8.0 File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
from 0, <= 2.35.0
HIGH 8.0 File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
from 0
HIGH 8.0 filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser
from 0, < 2.33.10
HIGH 7.6 File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
from 0, < 2.62.2
HIGH 7.6 filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser
from 0, < 2.33.7
HIGH 7.5 File Browser has incorrect access control for public directory shares via rule path rebasing
from 0, < 2.63.6
HIGH 7.2 File Browser has a Command Injection via Hook Runner
>= 2.0.0-rc.1, <= 2.63.1
MEDIUM 6.9 File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection
from 0, < 2.62.2
MEDIUM 6.8 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
from 0, < 2.63.14
MEDIUM 6.5 File Browser has a DoS Vulnerability via Public Login API
from 0, < 2.63.6
MEDIUM 6.5 File Browser has an Authorization Policy Bypass in Public Share Download Flow in github.com/filebrowser/filebrowser
from 0, < 2.62.0
MEDIUM 6.5 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter in github.com/filebrowser/filebrowser
from 0, < 2.62.0
MEDIUM 5.9 File Browser vulnerable to insecure password handling in github.com/filebrowser/filebrowser
from 0, < 2.34.1
MEDIUM 5.5 filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser
from 0, < 2.33.7
MEDIUM 5.4 File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser
from 0, < 2.57.1
MEDIUM 5.3 File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
from 0, < 2.55.0
MEDIUM 4.5 File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
from 0, < 2.33.9
LOW 3.1 File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser
from 0, <= 2.42.1
LOW 3.1 File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser
from 0
— File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection
from 0, < 2.33.8
— File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames
from 0, < 2.63.6
— File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
from 0, < 2.63.7
— File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
from 0, < 2.63.6
— File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check
from 0, < 2.63.1
— File Browser share links remain accessible after Share/Download permissions are revoked
from 0, < 2.63.1
— File Browser has an access rule bypass via HasPrefix without trailing separator in path matching
from 0, < 2.63.1
— File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser
from 0, < 2.62.0
— File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser
from 0, <= 2.61.1
— File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser
from 0
— FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory in github.com/filebrowser/filebrowser
from 0, < 2.61.0
— File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser
— File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser
>= 2.0.0-rc.1
— File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
from 0, <= 2.39.0
— File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser
from 0