
18 matches found

Veracode
added 2026/05/14 5:10 p.m. | 13 views

Directory Traversal

github.com/gtsteffaniak/filebrowser is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of attacker-controlled path input before path validation, which allows an attacker to use traversal sequences to delete arbitrary files outside the intended shared directory...

CVSS 9.1 | AI score 5.9 | EPSS 0.00443
Exploits: 1 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/04/07 11:1 p.m. | 5 views

CVE-2026-5709

Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediat...

CVSS 8.8 | AI score 6.2 | EPSS 0.01087
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/06 12:0 a.m. | 2 views

PT-2026-30747

Name of the Vulnerable Software and Affected Versions: AWS Research and Engineering Studio (RES) versions 2024.10 through 2025.12.01. Description: Improper input validation in the FileBrowser API within AWS Research and Engineering Studio (RES) could allow a remote authenticated attacker to execute...

CVSS 8.8 | AI score 6.2 | EPSS 0.01087
Exploits: 1 | References: 6
Wolfi
added 2026/02/15 7:48 p.m. | 3 views

GHSA-4MH3-H929-W968 vulnerabilities

Vulnerabilities for packages: filebrowser...

AI score 5.4
Exploits: 0
Snyk
added 2026/02/10 12:22 a.m. | 2 views

Improper Handling of Case Sensitivity

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of case sensitivity in the userPutHandler function. An attacker can gain unauthorized access to user accoun...

CVSS 5.4 | AI score 5.7 | EPSS 0.00325
Exploits: 1 | References: 2
NVD
added 2025/12/23 8:15 p.m. | 3 views

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVSS 6.1 | EPSS 0.00235
Exploits: 1 | References: 3
Snyk
added 2025/11/13 10:34 p.m. | 3 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID matches the currently authenticated user's ID d.user.ID. An attacker...

CVSS 8.8 | AI score 6.8 | EPSS 0.00376
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-24275

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00754
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-0876

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.06663
Exploits: 6 | References: 12
OSV
added 2025/07/28 7:57 p.m. | 3 views

GO-2025-3784 filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser

filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser...

CVSS 7.6 | AI score 5.5 | EPSS 0.00265
Exploits: 1 | References: 3
Veracode
added 2025/07/21 5:40 a.m. | 3 views

Denial Of Service (DoS)

github.com/filebrowser/filebrowser is vulnerable to Denial of Service (DoS). The vulnerability is due to the server loading entire file content into memory without size checks during read operations on the /files/file-name endpoint, which allows an attacker to upload a large file and trigger...

CVSS 8.7 | AI score 6.1 | EPSS 0.00348
Exploits: 1 | References: 4 | Affected Software: 2
CNVD
added 2025/07/04 12:0 a.m. | 2 views

FileBrowser has an unspecified vulnerability (CNVD-2025-22702)

FileBrowser is an open source web file browser. Provides a file management interface in a specified directory, can be used to upload, delete, preview, rename and edit your files. FileBrowser has a security vulnerability, the vulnerability stems from the file access permissions are not...

CVSS 5.5 | AI score 6.9 | EPSS 0.0019
Exploits: 1 | References: 1
Veracode
added 2025/07/02 3:11 p.m. | 5 views

Command Injection

github.com/filebrowser/filebrowser is vulnerable to Command Injection. The vulnerability is due to improper allowlist enforcement and flawed implementation that allows users to execute shell commands beyond those explicitly permitted in their user-specific allowlist...

CVSS 8 | AI score 7.5 | EPSS 0.00513
Exploits: 1 | References: 4 | Affected Software: 2
Veracode
added 2025/07/02 6:3 a.m. | 4 views

Improper Access Control

github.com/filebrowser/filebrowser is vulnerable to Improper Access Control. The vulnerability is due to an error-prone implementation of password-protected links, which allows an attacker to access shared files without authentication through direct download links obtained from browser history or...

CVSS 4.3 | AI score 7.2 | EPSS 0.00312
Exploits: 1 | References: 4 | Affected Software: 2
Snyk
added 2025/06/30 8:42 p.m. | 3 views

Arbitrary Command Injection

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by...

CVSS 9.3 | AI score 8 | EPSS 0.00513
Exploits: 1 | References: 2
Snyk
added 2025/06/30 8:40 p.m. | 3 views

Authentication Bypass by Primary Weakness

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the password protected links process. An attacker can gain unauthorized access to files by obtaining or discovering direct...

CVSS 4.3 | AI score 6.5 | EPSS 0.00312
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 8:7 p.m. | 6 views

CVE-2021-37794

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...

CVSS 5.4 | AI score 4.9 | EPSS 0.00754
Exploits: 0 | References: 1
CNNVD
added 2021/08/31 12:0 a.m. | 3 views

FileBrowser Cross-Site Scripting Vulnerability

FileBrowser is an open source web file browser. Provides a file management interface in a specified directory, can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a cross-site scripting vulnerability that is caused by improper validation of...

CVSS 5.4 | AI score 5.3 | EPSS 0.00754
Exploits: 0 | References: 3