GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
filebrowser allows Stored Cross-Site Scripting through the Markdown preview function
High
CVE-2025-52902
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 27, 2025
File Browser vulnerable to command execution allowlist bypass
High
CVE-2025-52995
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
filebrowser Sets Insecure File Permissions
Moderate
CVE-2025-52900
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 27, 2025
File Browser: Command Execution not Limited to Scope
High
CVE-2025-52904
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
filebrowser Allows Shell Commands to Spawn Other Commands
High
CVE-2025-52903
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 27, 2025
File Browser vulnerable to insecure password handling
Moderate
CVE-2025-52997
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
File Browser's password protection of links is bypassable
Low
CVE-2025-52996
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
File Browser allows sensitive data to be transferred in URL
Moderate
CVE-2025-52901
was published
for
github.com/filebrowser/filebrowser
(Go)
Jun 30, 2025
File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing
High
CVE-2025-53893
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Jul 16, 2025
File Browser’s insecure JWT handling can lead to session replay attacks after logout
High
CVE-2025-53826
was published
for
github.com/filebrowser/filebrowser
(Go)
Jul 16, 2025
go-ipld-prime/codec/json may panic if asked to encode bytes
Moderate
CVE-2023-22460
was published
for
github.com/ipld/go-ipld-prime
(Go)
Jan 5, 2023
ProTip!
Advisories are also available from the
GraphQL API