
directus — Vulnerabilities & Security Advisories (57)

All 57 CVE vulnerabilities found in directus, with AI-generated Chinese analysis, references, and POCs.

Vendor: directus

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-47822 | Directus inserts access token from query string into logs | CWE-532 | 4.2 | Medium | 2024-10-08 |
| CVE-2024-46990 | SSRF Loopback IP filter bypass in directus | CWE-284 | 5.0 | Medium | 2024-09-18 |
| CVE-2024-45596 | Directus's session is cached for OpenID and OAuth2 if `redirect` is not used | CWE-524 | 7.4 | High | 2024-09-10 |
| CVE-2024-6534 | Directus 10.13.0 - Insecure object reference via PATH presets | CWE-639 | 4.3 | Medium | 2024-08-15 |
| CVE-2024-6533 | Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options | CWE-79 | 5.4 | Medium | 2024-08-15 |
| CVE-2024-39896 | Directus allows SSO User Enumeration | CWE-200 | 7.5 | High | 2024-07-08 |
| CVE-2024-39895 | Directus GraphQL Field Duplication Denial of Service (DoS) | CWE-400 | 6.5 | Medium | 2024-07-08 |
| CVE-2024-39701 | Directus Incorrectly handles `_in` filter | CWE-284 | 6.3 | Medium | 2024-07-08 |
| CVE-2024-39699 | Directus has a Blind SSRF On File Import | CWE-918 | 5.0 | Medium | 2024-07-08 |
| CVE-2024-36128 | Directus is soft-locked by providing a string value to random string util | CWE-754 | 7.5 | High | 2024-06-03 |
| CVE-2024-34709 | Directus Lacks Session Tokens Invalidation | CWE-613 | 5.4 | Medium | 2024-05-13 |
| CVE-2024-34708 | Directus allows redacted data extraction on the API through "alias" | CWE-200 | 4.9 | Medium | 2024-05-13 |
| CVE-2024-28238 | Session Token in URL in directus | CWE-200 | 2.3 | Low | 2024-03-12 |
| CVE-2024-28239 | URL Redirection to Untrusted Site in OAuth2/OpenID in directus | CWE-601 | 5.4 | Medium | 2024-03-12 |
| CVE-2024-27296 | Directus version number disclosure | CWE-200 | 5.3 | Medium | 2024-03-01 |
| CVE-2024-27295 | Directus MySQL accent insensitive email matching | CWE-706 | 8.2 | High | 2024-03-01 |
| CVE-2023-45820 | Directus crashes on invalid WebSocket message | CWE-755 | 5.9 | Medium | 2023-10-19 |
| CVE-2023-38503 | Directus has Incorrect Permission Checking for GraphQL Subscriptions | CWE-200 | 5.7 | Medium | 2023-07-25 |
| CVE-2023-28443 | directus vulnerable to Insertion of Sensitive Information into Log File | CWE-532 | 4.2 | Medium | 2023-03-23 |
| CVE-2023-27481 | Extract password hashes through export querying in directus | CWE-200 | 4.3 | Medium | 2023-03-07 |
| CVE-2023-27474 | HTML Injection in Password Reset email to custom Reset URL in directus | CWE-79 | 8.0 | High | 2023-03-06 |
| CVE-2023-26492 | Directus vulnerable to Server-Side Request Forgery On File Import | CWE-918 | 5.0 | Medium | 2023-03-03 |
| CVE-2022-36031 | Unhandled exception on illegal filename_disk value | CWE-755 | 6.5 | Medium | 2022-08-19 |
| CVE-2022-23080 | directus - SSRF which leads to internal port scan | CWE-918 | 5.0 | - | 2022-06-22 |
| CVE-2022-24814 | Cross-site Scripting in Directus | CWE-79 | 8.8 | High | 2022-04-04 |
| CVE-2022-22117 | Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image | CWE-79 | 5.4 | Medium | 2022-01-10 |
| CVE-2022-22116 | Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload | CWE-79 | 5.4 | Medium | 2022-01-10 |
