
@directus/api
npm · Directus is a real-time API and App dashboard for managing SQL database content · Repository · Package
Security Advisories for @directus/api in npm
Critical
about 1 month ago
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
npm
@directus/api, directus
Low
6 months ago
Suspended Directus user can continue to use session token to access API
npm
@directus/types, @directus/api, directus
Moderate
7 months ago
Directus allows updates to non-allowed fields due to overlapping policies
npm
@directus/api, directus
High
10 months ago
Directus allows unauthenticated access to WebSocket events and operations
npm
@directus/api, directus
Moderate
about 1 year ago
Directus vulnerable to SSRF Loopback IP filter bypass
npm
@directus/api, directus
High
about 1 year ago
Session is cached for OpenID and OAuth2 if `redirect` is not used
npm
@directus/api, directus