Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm directus Security Advisories
Browse all Security Advisories for npm directus
Loading...
Moderate
Ecosystems: npm
Packages: @directus/api, directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 2 months ago
GSA_kwCzR0hTQS02OGc4LWMyNzUteGYybc4AA_rG
Directus vulnerable to SSRF Loopback IP filter bypassEcosystems: npm
Packages: @directus/api, directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 2 months ago
High
Ecosystems: npm
Packages: @directus/api, directus
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 2 months ago
GSA_kwCzR0hTQS1jZmY4LXg3anYtNGZtOM4AA_cb
Session is cached for OpenID and OAuth2 if `redirect` is not usedEcosystems: npm
Packages: @directus/api, directus
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 2 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
GSA_kwCzR0hTQS0zZmZmLWdxdzMtdmo4Ns4AA--o
Directus has an insecure object reference via PATH presetsEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
GSA_kwCzR0hTQS1xODN2LWhxM2otNHBxM84AA-rb
Improper access control in DirectusEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
GSA_kwCzR0hTQS1xZjZoLXAzbXItdm1oNc4AA-rS
Code injection in DirectusEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 5 months ago
GSA_kwCzR0hTQS1qZ2Y0LXZ3YzMtcjQ2ds4AA9oh
Directus Allows Single Sign-On User EnumerationEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 5 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 5 months ago
GSA_kwCzR0hTQS1oeGdtLWdobXYteGpqbc4AA9oe
Directus incorrectly handles `_in` filterEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 5 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 6 months ago
GSA_kwCzR0hTQS02MzJwLXA0OTUtMjVtNc4AA8sw
Directus is soft-locked by providing a string value to random string utilEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 6 months ago
GSA_kwCzR0hTQS1nNjVoLTM1ZjMteDJ3M84AA74v
Directus Lacks Session Tokens InvalidationEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 6 months ago
GSA_kwCzR0hTQS1wOHYzLW02NDMtNHhxeM4AA74s
Directus allows redacted data extraction on the API through "alias"Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 8 months ago
GSA_kwCzR0hTQS1mcjN3LTJwMjItNnc3cM4AA572
URL Redirection to Untrusted Site in OAuth2/OpenID in directusEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 8 months ago
Low
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 8 months ago
GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571
Session Token in URL in directusEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 9 months ago
GSA_kwCzR0hTQS01bWhnLXd2OHctcDU5as4AA5sN
Directus version number disclosureEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 9 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 9 months ago
GSA_kwCzR0hTQS1xdzlnLTc1NDktN3dnNc4AA5r0
Directus has MySQL accent insensitive email matchingEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 9 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
GSA_kwCzR0hTQS1obWd3LTlqcmctaGYybc4AA2kX
Directus crashes on invalid WebSocket messageEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 year ago
GSA_kwCzR0hTQS0yMnJyLWYzcDgtNWdmOM4AA15b
Directus affected by VM2 sandbox escape vulnerabilityEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
GSA_kwCzR0hTQS1nZ2dtLTY2cmgtcHA5OM4AA046
Incorrect Permission Checking for GraphQL SubscriptionsEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
GSA_kwCzR0hTQS0zZ3ZwLTU0djItMmpycM4AAyhx
Directus API vulnerable to denial of serviceEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
GSA_kwCzR0hTQS04dmcyLXdmM3EtbXd2N84AAyQe
directus vulnerable to Insertion of Sensitive Information into Log FileEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
GSA_kwCzR0hTQS1tNXEzLTh3Z2YteDh4Zs4AAyAB
Directus vulnerable to extraction of password hashes through export queryingEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 1 year ago
GSA_kwCzR0hTQS00aG1xLWdncm0tcWZjNs4AAx-d
directus vulnerable to HTML Injection in Password Reset email to custom Reset URLEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago
GSA_kwCzR0hTQS1qM3JnLTNyZ20tNTM3aM4AAx7Z
Directus vulnerable to Server-Side Request Forgery On File ImportEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 2 years ago
GSA_kwCzR0hTQS03N3FtLXd2cXEtZmc3Oc4AAuiy
Directus vulnerable to unhandled exception on illegal filename_disk valueEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 2 years ago
GSA_kwCzR0hTQS01aDc1LXB2cTQtODJjOc4AAs67
Server-Side Request Forgery in DirectusEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 2 years ago
GSA_kwCzR0hTQS1nMjdqLTc0ZnAteGZwcs04jw
Insecure default value for CORS configurationEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 2 years ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 2 years ago
GSA_kwCzR0hTQS14bWpqLTNjNzYtNXc4NM04jg
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directusEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 2 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 3
Ecosystems: 12
Packages: 9,040
Repositories: 3
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
31
electron
26
directus
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
next
18
sequelize
16
tinymce
16
ghost
15
ckeditor4
15
swagger-ui
14
joplin
14
angular
13
undici
13
strapi
13
vm2
12
nodebb
12
handlebars
11
matrix-js-sdk
11
bootstrap
11
tinymce/tinymce
11
TinyMCE
11
marked
11
nocodb
10
flowise
10
@strapi/strapi
9
twbs/bootstrap
9
serve
9
bootstrap
9
org.webjars:bootstrap
9
bootstrap
9
matrix-react-sdk
9
@evershop/evershop
9
next-auth
9
jquery
8
matrix-appservice-irc
8
org.webjars.npm:jquery
8
npm
8
jquery-rails
8
urijs
8
systeminformation
8
express-cart
8
url-parse
8
steal
8
tar
8
editor.md
8
jsrsasign
8
node-forge
8
validator
8
uptime-kuma
7
shescape
7
snyk-broker
7
bootstrap-sass
7
jQuery
7
elliptic
7
dompurify
7
bootstrap.sass
7
sanitize-html
7
hermes-engine
7
vite
7
total.js
7
lodash
7
jquery-ui
7
jQuery.UI.Combined
7
org.webjars.npm:jquery-ui
7
jquery-ui-rails
7
hapi
7
rsshub
6
safe-eval
6
@strapi/plugin-users-permissions
6
aaptjs
6
parse-url
6
bootstrap-sass
6
mattermost-desktop
5
keystone
5
xlsx
5
ws
5
ejs
5
axios
5
@saltcorn/server
5
rendertron
5
public
5
mermaid
5
total4
5
mongoose
5
openpgp
5
mysql2
5
sweetalert2
5
ua-parser-js
5
lunary
5
lodash-es
5
prismjs
5
yarn
5
vditor
5
dojo
5
safer-eval
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
remarkable
4
aws-iot-device-sdk-v2
4
apollo-server-core
4
generator-jhipster
4
hono
4
awsiotsdk
4
glance
4
auth0-lock
4
express
4
hummus
4
muhammara
4
vega
4
katex
4
@keystone-6/core
4
@backstage/plugin-scaffolder-backend
4
auth0-js
4
engine.io
4
moment
4
mongo-express
4
follow-redirects
4
realms-shim
4
fast-xml-parser
4
meshcentral
4
apostrophe
4
simple-markdown
4
simple-git
4
convert-svg-core
4
fastify
4
@lobehub/chat
4
ecstatic
4
jsonwebtoken
4
qs
4
valine
4
materialize-css
4
jose-node-cjs-runtime
3
@strapi/plugin-content-manager
3
dojox
3
m-server
3
jose-node-esm-runtime
3
uap-core
3
libxmljs
3
@backstage/techdocs-common
3
http-live-simulator
3
protobufjs
3
socket.io-parser
3
renovate
3
object-path
3
postcss
3
node-opcua
3
nadesiko3
3
node-fetch
3
tough-cookie
3
loader-utils
3
js-yaml
3
@frangoteam/fuxa
3
@commercial/subtext
3
socket.io-file
3
yapi-vendor
3
node-jose
3
slpjs
3
@ckeditor/ckeditor5-markdown-gfm
3
socket.io
3
browserify-shim
3
@jmondi/url-to-png
3
dset
3
@janhq/core
3
code-server
3
jose
3
connect
3
braces
3
buttle
3
wrangler
3
froala-editor
3
django-tinymce
3
raneto
3
simplehttpserver
3
@cubejs-backend/api-gateway
3
mysql
3
blamer
3
slp-validate
3
@builder.io/qwik
3
ag-grid-community
3
apollo-server
3
ftp-srv
3
node-ipc
3
docsify
3
mathjs
3
snyk
3
highcharts
3
localhost-now
3
llhttp
3
lodash.defaultsdeep
3
mixme
3
@directus/api
3
agnai
3
nuxt
3
mxgraph
3
ses
3
notevil
3
locutus
3
n8n
3
ids-enterprise
3
fuxa-server
3
Filter by Repository