
@directus/api
Directus is a real-time API and App dashboard for managing SQL database content
Security Advisories for @directus/api in npm
Critical
2 months ago
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
npm
@directus/api, directus
Low
7 months ago
Suspended Directus user can continue to use session token to access API
npm
@directus/types, @directus/api, directus
Moderate
8 months ago
Directus allows updates to non-allowed fields due to overlapping policies
npm
@directus/api, directus
High
11 months ago
Directus allows unauthenticated access to WebSocket events and operations
npm
@directus/api, directus
High
about 1 year ago
Session is cached for OpenID and OAuth2 if `redirect` is not used
npm
@directus/api, directus