Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@directus/api

npm · Directus is a real-time API and App dashboard for managing SQL database content · Repository · Package

Security Advisories for @directus/api in npm

Critical
about 1 month ago

Directus allows unauthenticated file upload and file modification due to lacking input sanitization GSA_kwCzR0hTQS1tdjMzLTlmNmotcGZtY84ABLSw

npm @directus/api, directus
Moderate
6 months ago

Directus inserts access token from query string into logs GSA_kwCzR0hTQS12dzU4LXBoNjUtNnJ4cM4ABGvt

npm @directus/api
Low
6 months ago

Suspended Directus user can continue to use session token to access API GSA_kwCzR0hTQS01NnA2LXF3M2MtZnEyZ84ABF7-

npm @directus/types, @directus/api, directus
Moderate
7 months ago

Directus allows updates to non-allowed fields due to overlapping policies GSA_kwCzR0hTQS05OXZtLTV2MmgtaDZyNs4ABEoi

npm @directus/api, directus
High
10 months ago

Directus allows unauthenticated access to WebSocket events and operations GSA_kwCzR0hTQS04NDlyLXFyd2otOHJ2NM4ABCND

npm @directus/api, directus
Moderate
about 1 year ago

Directus vulnerable to SSRF Loopback IP filter bypass GSA_kwCzR0hTQS02OGc4LWMyNzUteGYybc4AA_rG

npm @directus/api, directus
High
about 1 year ago

Session is cached for OpenID and OAuth2 if `redirect` is not used GSA_kwCzR0hTQS1jZmY4LXg3anYtNGZtOM4AA_cb

npm @directus/api, directus
Moderate
about 1 year ago

Directus Blind SSRF On File Import GSA_kwCzR0hTQS04cDcyLXJjcTQtaDZwd84AA9n5

npm @directus/api

Filter by Severity

Moderate 4 High 2 Low 1 Critical 1