npm
Security Advisories for https://github.com/directus/directus in npm
Critical
10 months ago
Directus allows unauthenticated file upload and file modification due to lacking input sanitization
npm
@directus/api, directus
Moderate
11 months ago
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
npm
directus
Moderate
11 months ago
Directus tokens are not redacted in flow logs, exposing session credentials to all admin
npm
directus
Moderate
11 months ago
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
npm
directus
Moderate
about 1 year ago
Directus inserts access token from query string into logs
npm
@directus/api
Moderate
about 1 year ago
Directus `search` query parameter allows enumeration of non permitted fields
npm
directus
Low
about 1 year ago
Suspended Directus user can continue to use session token to access API
npm
directus
Moderate
about 1 year ago
Directus's S3 assets become unavailable after a burst of HEAD requests
npm
directus, @directus/storage-driver-s3
Moderate
about 1 year ago
Directus's S3 assets become unavailable after a burst of malformed transformations
npm
directus, @directus/storage-driver-s3
Moderate
over 1 year ago
Directus allows updates to non-allowed fields due to overlapping policies
npm
@directus/api, directus
Low
over 1 year ago
Directus has a DOM-Based cross-site scripting (XSS) via layout_options
npm
directus
High
over 1 year ago
Directus allows unauthenticated access to WebSocket events and operations
npm
@directus/api, directus
Moderate
over 1 year ago
Directus vulnerable to SSRF Loopback IP filter bypass
npm
@directus/api, directus
High
over 1 year ago
Session is cached for OpenID and OAuth2 if `redirect` is not used
npm
@directus/api, directus
High
almost 2 years ago
Directus GraphQL Field Duplication Denial of Service (DoS)
npm
@directus/env
High
about 2 years ago
Directus is soft-locked by providing a string value to random string util
npm
directus
Moderate
about 2 years ago
Directus allows redacted data extraction on the API through "alias"
npm
directus
Moderate
about 2 years ago
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
npm
directus
Moderate
about 3 years ago
directus vulnerable to Insertion of Sensitive Information into Log File
npm
directus
Moderate
over 3 years ago
Directus vulnerable to extraction of password hashes through export querying
npm
directus
High
over 3 years ago
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
npm
directus
Moderate
over 3 years ago
Directus vulnerable to Server-Side Request Forgery On File Import
npm
directus
Moderate
almost 4 years ago
Directus vulnerable to unhandled exception on illegal filename_disk value
npm
directus
High
about 4 years ago
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus
npm
directus