Product
alistgo alist
9 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-25161
CVE-2026-25160
CVE-2024-47067
CVE-2023-33498
CVE-2023-31726
CVE-2022-45969
CVE-2022-45970
CVE-2022-45968
CVE-2022-26533
< 3.57.0
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application
< 3.57.0
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application
< 3.29.0
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in hel
< 3.16.3
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
all versions
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
all versions
Alist v3.4.0 is vulnerable to Directory Traversal,
all versions
Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.
all versions
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a passw
<= 2.1.0
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.