Security Advisories for https://github.com/directus/directus in npm
Critical
10 months ago
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
npm
@directus/api, directus
Moderate
11 months ago
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
npm
directus
Moderate
11 months ago
Directus tokens are not redacted in flow logs, exposing session credentials to all admin
npm
directus
Moderate
11 months ago
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
npm
directus
Moderate
about 1 year ago
Directus inserts access token from query string into logs
npm
@directus/api
Moderate
about 1 year ago
Directus `search` query parameter allows enumeration of non permitted fields
npm
directus
Low
about 1 year ago
Suspended Directus user can continue to use session token to access API
npm
@directus/types, @directus/api, directus
Moderate
about 1 year ago
Directus's S3 assets become unavailable after a burst of HEAD requests
npm
directus, @directus/storage-driver-s3
Moderate
about 1 year ago
Directus's S3 assets become unavailable after a burst of malformed transformations
npm
directus, @directus/storage-driver-s3
Moderate
over 1 year ago
Directus allows updates to non-allowed fields due to overlapping policies
npm
@directus/api, directus
Low
over 1 year ago
Directus has a DOM-Based cross-site scripting (XSS) via layout_options
npm
directus
High
over 1 year ago
Directus allows unauthenticated access to WebSocket events and operations
npm
@directus/api, directus
Moderate
over 1 year ago
Directus vulnerable to SSRF Loopback IP filter bypass
npm
@directus/api, directus
High
over 1 year ago
Session is cached for OpenID and OAuth2 if `redirect` is not used
npm
@directus/api, directus
High
almost 2 years ago
Directus GraphQL Field Duplication Denial of Service (DoS)
npm
@directus/env
High
almost 2 years ago
Directus is soft-locked by providing a string value to random string util
npm
directus
Moderate
about 2 years ago
Directus allows redacted data extraction on the API through "alias"
npm
directus
Moderate
about 2 years ago
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
npm
directus
Moderate
about 3 years ago
directus vulnerable to Insertion of Sensitive Information into Log File
npm
directus
Moderate
about 3 years ago
Directus vulnerable to extraction of password hashes through export querying
npm
directus
High
about 3 years ago
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
npm
directus
Moderate
over 3 years ago
Directus vulnerable to Server-Side Request Forgery On File Import
npm
directus
Moderate
almost 4 years ago
Directus vulnerable to unhandled exception on illegal filename_disk value
npm
directus
High
about 4 years ago
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus
npm
directus