
directus
npm · Directus is a real-time API and App dashboard for managing SQL database content
Security Advisories for directus in npm
Critical
about 1 month ago
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
npm
@directus/api, directus
Moderate
3 months ago
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
npm
directus
Moderate
3 months ago
Directus tokens are not redacted in flow logs, exposing session credentials to all admin
npm
directus
Moderate
3 months ago
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
npm
directus
Moderate
6 months ago
Directus `search` query parameter allows enumeration of non permitted fields
npm
directus
Low
6 months ago
Suspended Directus user can continue to use session token to access API
npm
@directus/types, @directus/api, directus
Moderate
6 months ago
Directus's S3 assets become unavailable after a burst of HEAD requests
npm
directus, @directus/storage-driver-s3
Moderate
6 months ago
Directus's S3 assets become unavailable after a burst of malformed transformations
npm
directus, @directus/storage-driver-s3
Moderate
7 months ago
Directus allows updates to non-allowed fields due to overlapping policies
npm
@directus/api, directus
Low
8 months ago
Directus has a DOM-Based cross-site scripting (XSS) via layout_options
npm
directus
High
10 months ago
Directus allows unauthenticated access to WebSocket events and operations
npm
@directus/api, directus
Moderate
about 1 year ago
Directus vulnerable to SSRF Loopback IP filter bypass
npm
@directus/api, directus
High
about 1 year ago
Session is cached for OpenID and OAuth2 if `redirect` is not used
npm
@directus/api, directus
High
over 1 year ago
Directus is soft-locked by providing a string value to random string util
npm
directus
Moderate
over 1 year ago
Directus allows redacted data extraction on the API through "alias"
npm
directus
Moderate
over 1 year ago
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
npm
directus
Moderate
over 2 years ago
directus vulnerable to Insertion of Sensitive Information into Log File
npm
directus
Moderate
over 2 years ago
Directus vulnerable to extraction of password hashes through export querying
npm
directus
High
over 2 years ago
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
npm
directus
Moderate
over 2 years ago
Directus vulnerable to Server-Side Request Forgery On File Import
npm
directus
Moderate
about 3 years ago
Directus vulnerable to unhandled exception on illegal filename_disk value
npm
directus
High
over 3 years ago
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus
npm
directus