| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-34709 | Directus Lacks Session Tokens Invalidation | directus | directus | Medium | 5.4 | 2024-05-13 19:39:32 | Deep Dive |
| CVE-2024-34708 | Directus allows redacted data extraction on the API through "alias" | directus | directus | Medium | 4.9 | 2024-05-13 19:33:55 | Deep Dive |
| CVE-2024-28238 | Session Token in URL in directus | directus | directus | Low | 2.3 | 2024-03-12 20:24:28 | Deep Dive |
| CVE-2024-28239 | URL Redirection to Untrusted Site in OAuth2/OpenID in directus | directus | directus | Medium | 5.4 | 2024-03-12 20:23:38 | Deep Dive |
| CVE-2024-27296 | Directus version number disclosure | directus | directus | Medium | 5.3 | 2024-03-01 15:43:34 | Deep Dive |
| CVE-2024-27295 | Directus MySQL accent insensitive email matching | directus | directus | High | 8.2 | 2024-03-01 15:37:10 | Deep Dive |
| CVE-2023-45820 | Directus crashes on invalid WebSocket message | directus | directus | Medium | 5.9 | 2023-10-19 18:38:19 | Deep Dive |
| CVE-2023-38503 | Directus has Incorrect Permission Checking for GraphQL Subscriptions | directus | directus | Medium | 5.7 | 2023-07-25 22:06:00 | Deep Dive |
| CVE-2023-28443 | directus vulnerable to Insertion of Sensitive Information into Log File | directus | directus | Medium | 4.2 | 2023-03-23 23:13:58 | Deep Dive |
| CVE-2023-27481 | Extract password hashes through export querying in directus | directus | directus | Medium | 4.3 | 2023-03-07 18:20:53 | Deep Dive |
| CVE-2023-27474 | HTML Injection in Password Reset email to custom Reset URL in directus | directus | directus | High | 8.0 | 2023-03-06 16:43:55 | Deep Dive |
| CVE-2023-26492 | Directus vulnerable to Server-Side Request Forgery On File Import | directus | directus | Medium | 5.0 | 2023-03-03 21:49:02 | Deep Dive |
| CVE-2022-36031 | Unhandled exception on illegal filename_disk value | directus | directus | Medium | 6.5 | 2022-08-19 20:40:09 | Deep Dive |
| CVE-2022-23080 | directus - SSRF which leads to internal port scan | directus | directus | Medium | - | 2022-06-22 15:40:11 | Deep Dive |
| CVE-2022-24814 | Cross-site Scripting in Directus | directus | directus | High | 8.8 | 2022-04-04 17:50:11 | Deep Dive |
| CVE-2022-22117 | Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image | directus | directus | Medium | 5.4 | 2022-01-10 15:26:46 | Deep Dive |
| CVE-2022-22116 | Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload | directus | directus | Medium | 5.4 | 2022-01-10 15:26:44 | Deep Dive |