Is it possible for an attacker to see all files inside of /uploads?

I would argue that it’s never a good reason to store files within the database. File systems always win on performance and compatibility.