{"package":"github.com/gtsteffaniak/filebrowser/backend","ecosystem":"go","latest_version":"v0.0.0-20260430205036-668efec4d744","description":"📂 Web File Browser","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/gtsteffaniak/filebrowser/backend","repository":"https://github.com/gtsteffaniak/filebrowser/backend","downloads_weekly":6932,"health":{"score":63,"risk":"moderate","breakdown":{"maintenance":25,"popularity":6,"security":13,"maturity":9,"community":10},"deprecated":false,"max_score":100},"vulnerabilities":{"count":6,"critical":0,"high":2,"medium":1,"low":3,"details":[{"vuln_id":"CVE-2026-30933","severity":"high","summary":"FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info","affected_versions":"<0.0.0-20260307130210-09713b32a5f6","fixed_version":"0.0.0-20260307130210-09713b32a5f6","source":"osv","published_at":"2026-03-09T19:48:12Z","in_kev":false,"epss_prob":0.00102,"epss_percentile":0.27681,"threat_tier":"theoretical"},{"vuln_id":"GO-2026-4820","severity":"medium","summary":"FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel","affected_versions":"<0.0.0-20260317230626-af08800667b8","fixed_version":"0.0.0-20260317230626-af08800667b8","source":"osv","published_at":"2026-03-24T19:18:56Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2026-27611","severity":"high","summary":"FileBrowser Quantum: Password Protection Not Enforced on Shared File Links ","affected_versions":"<0.0.0-20260221163904-dbcfba993b85","fixed_version":"0.0.0-20260221163904-dbcfba993b85","source":"osv","published_at":"2026-02-25T16:00:49Z","in_kev":false,"epss_prob":0.0005,"epss_percentile":0.15554,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-27611","severity":"unknown","summary":"FileBrowser Quantum: Password Protection Not Enforced on Shared File Links in github.com/gtsteffaniak/filebrowser/backend","affected_versions":"<0.0.0-20260221163904-dbcfba993b85","fixed_version":"0.0.0-20260221163904-dbcfba993b85","source":"osv","published_at":"2026-02-25T23:07:04Z","in_kev":false,"epss_prob":0.0005,"epss_percentile":0.15554,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-30933","severity":"unknown","summary":"FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info in github.com/gtsteffaniak/filebrowser/backend","affected_versions":"<0.0.0-20260307130210-09713b32a5f6","fixed_version":"0.0.0-20260307130210-09713b32a5f6","source":"osv","published_at":"2026-03-11T16:00:40Z","in_kev":false,"epss_prob":0.00102,"epss_percentile":0.27681,"threat_tier":"theoretical"},{"vuln_id":"GHSA-7789-65hx-f26w","severity":"unknown","summary":"FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel in github.com/gtsteffaniak/filebrowser/backend","affected_versions":"<0.0.0-20260317230626-af08800667b8","fixed_version":"0.0.0-20260317230626-af08800667b8","source":"osv","published_at":"2026-03-26T20:33:02Z","in_kev":false,"threat_tier":"unknown"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v0.0.0-20260430205036-668efec4d744","total_count":0,"recent":[]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":163,"first_published":null,"last_published":"2026-04-30T20:50:36Z","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":6954,"forks":343,"open_issues":119,"is_archived":false,"pushed_at":"2026-04-30T23:49:56Z","subscribers_count":27},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["2 high severity vulnerabilities"],"use_version":"v0.0.0-20260430205036-668efec4d744","version_hint":"Update to >= 0.0.0-20260317230626-af08800667b8 to fix known vulnerabilities","summary":"github.com/gtsteffaniak/filebrowser/backend@v0.0.0-20260430205036-668efec4d744 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":3128,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":1,"first_release_age_days":null,"last_release_days_ago":0,"avg_days_between_releases":null,"release_velocity":"active"}}