@directus/api
Directus is a real-time API and App dashboard for managing SQL database content
Moderate Security Advisories for @directus/api in npm Clear Filters
Moderate
5 months ago
Directus Vulnerable to User Enumeration via Password Reset Timing Attack
npm
@directus/api, directus
Moderate
8 months ago
Directus Vulnerable to Information Leakage in Existing Collections
npm
@directus/api, directus
Moderate
8 months ago
Directus's conceal fields are searchable if read permissions enabled
npm
@directus/api, directus
Potential
Moderate
12 months ago
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
npm
directus
Potential
Potential
Moderate
12 months ago
Directus tokens are not redacted in flow logs, exposing session credentials to all admin
npm
directus
Potential
Moderate
12 months ago
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
npm
directus
Moderate
about 1 year ago
Directus inserts access token from query string into logs
npm
@directus/api
Potential
Moderate
over 1 year ago
Directus `search` query parameter allows enumeration of non permitted fields
npm
directus
Potential
Moderate
over 1 year ago
Directus's S3 assets become unavailable after a burst of HEAD requests
npm
directus, @directus/storage-driver-s3
Potential
Moderate
over 1 year ago
Directus's S3 assets become unavailable after a burst of malformed transformations
npm
directus, @directus/storage-driver-s3
Moderate
over 1 year ago
Directus allows updates to non-allowed fields due to overlapping policies
npm
@directus/api, directus
Potential
Potential
Moderate
almost 2 years ago
Directus vulnerable to SSRF Loopback IP filter bypass
npm
@directus/api, directus
Potential
Potential
Potential
Moderate
about 2 years ago
Directus allows redacted data extraction on the API through "alias"
npm
directus
Potential
Moderate
over 2 years ago
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
npm
directus
Potential
Potential
Potential
Moderate
over 3 years ago
directus vulnerable to Insertion of Sensitive Information into Log File
npm
directus
Potential
Moderate
over 3 years ago
Directus vulnerable to extraction of password hashes through export querying
npm
directus
Potential
Moderate
over 3 years ago
Directus vulnerable to Server-Side Request Forgery On File Import
npm
directus
Potential
Moderate
almost 4 years ago
Directus vulnerable to unhandled exception on illegal filename_disk value
npm
directus
Potential