github.com/filebrowser/filebrowser
govv1.11.0π Web File Browser
License Apache-2.0permissive47 versions247 maintainers0 deps34,375 weekly dl
filebrowser/filebrowser35
/ 100
Health
update required
github.com/filebrowser/[email protected] has vulnerabilities β update to latest
Update to >= 2.62.0 to fix known vulnerabilities
- Low health score (35/100)
- 5 high severity vulnerabilities
Health breakdown0 β 100
0/25
maintenance
10/20
popularity
0/25
security
12/15
maturity
13/15
community
Vulnerabilities
31
5 high4 medium22 low
Advisories (31)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| high | CVE-2025-52903 | filebrowser Allows Shell Commands to Spawn Other Commands | 2.33.10 |
| low | CVE-2025-52996 | File Browser's password protection of links is bypassable | β |
| medium | CVE-2026-23849 | File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login | 2.55.0 |
| high | CVE-2025-52902 | filebrowser allows Stored Cross-Site Scripting through the Markdown preview function | 2.33.7 |
| high | CVE-2025-53826 | File Browserβs insecure JWT handling can lead to session replay attacks after logout | β |
| medium | CVE-2025-52997 | File Browser vulnerable to insecure password handling | 2.34.1 |
| high | CVE-2025-52904 | File Browser: Command Execution not Limited to Scope | β |
| medium | CVE-2025-52900 | filebrowser Sets Insecure File Permissions | 2.33.7 |
| medium | CVE-2025-52901 | File Browser allows sensitive data to be transferred in URL | 2.33.9 |
| high | CVE-2025-52995 | File Browser vulnerable to command execution allowlist bypass | 2.33.10 |
| unknown | CVE-2025-52902 | filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser | 2.33.7 |
| unknown | CVE-2025-52900 | filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser | 2.33.7 |
| unknown | CVE-2025-52903 | filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser | 2.33.10 |
| unknown | CVE-2025-52996 | File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser | β |
| unknown | CVE-2025-52997 | File Browser vulnerable to insecure password handling in github.com/filebrowser/filebrowser | 2.34.1 |
| unknown | CVE-2025-52904 | File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser | β |
| unknown | CVE-2025-52901 | File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser | 2.33.9 |
| unknown | CVE-2025-52995 | File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser | 2.33.10 |
| unknown | CVE-2025-53893 | File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser | β |
| unknown | CVE-2025-53826 | File Browserβs insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser | β |
... and 11 more
Health History
Dependency Tree
License Audit
API access
Get this data programmatically β free, no authentication.
curl https://depscope.dev/api/check/go/github.com/filebrowser/filebrowserLast updated Β· 2019-01-05T21:26:40Z