
directus — Vulnerabilities & Security Advisories (57)

Browse all 57 CVE security advisories affecting directus. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39943 | Directus exposes sensitive fields in revision history | CWE-200 | 6.5 | Medium | 2026-04-09 |
| CVE-2026-39942 | Directus has a Path Traversal and Broken Access Control in File Management API | CWE-284 | 8.5 | High | 2026-04-09 |
| CVE-2026-35442 | Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries | CWE-200 | 8.1 | High | 2026-04-06 |
| CVE-2026-35441 | Directus Affected by GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Complexity Limits | CWE-400 | 6.5 | Medium | 2026-04-06 |
| CVE-2026-35413 | Directus GraphQL Schema SDL Disclosure Setting | CWE-200 | 5.3 | Medium | 2026-04-06 |
| CVE-2026-35412 | Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite | CWE-863 | 7.1 | High | 2026-04-06 |
| CVE-2026-35411 | Directus is an Open Redirect in Admin 2FA Setup Page | CWE-601 | 4.3 | Medium | 2026-04-06 |
| CVE-2026-35410 | Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow | CWE-184 | 6.1 | Medium | 2026-04-06 |
| CVE-2026-35409 | Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import | CWE-918 | 7.7 | High | 2026-04-06 |
| CVE-2026-35408 | Directus is Missing Cross-Origin Opener Policy | CWE-346 | 8.7 | High | 2026-04-06 |
| CVE-2026-26185 | Directus Affected by User Enumeration via Password Reset Timing Attack | CWE-203 | 5.3 | Medium | 2026-02-12 |
| CVE-2026-22032 | Directus has open redirect in SAML | CWE-601 | 4.3 | Medium | 2026-01-08 |
| CVE-2025-64749 | Directus Vulnerable to Information Leakage in Existing Collections | CWE-203 | 4.3 | Medium | 2025-11-13 |
| CVE-2025-64748 | Directus's conceal fields are searchable if read permissions enabled | CWE-201 | 6.5 | Medium | 2025-11-13 |
| CVE-2025-64747 | Directus Vulnerable to Stored Cross-site Scripting | CWE-20 | 5.5 | Medium | 2025-11-13 |
| CVE-2025-64746 | Directus has Improper Permission Handling on Deleted Fields | CWE-284 | 4.6 | Medium | 2025-11-13 |
| CVE-2025-55746 | Directus allows unauthenticated file upload and file modification due to lacking input sanitization | CWE-73 | 9.3 | Critical | 2025-08-20 |
| CVE-2025-53889 | Directus missing permission checks for manual trigger Flows | CWE-287 | 6.5 | Medium | 2025-07-14 |
| CVE-2025-53887 | Directus's exact version number is exposed by the OpenAPI Spec | CWE-200 | 5.3 | Medium | 2025-07-14 |
| CVE-2025-53886 | Directus doesn't redact tokens in Flow logs | CWE-200 | 4.5 | Medium | 2025-07-14 |
| CVE-2025-53885 | Directus doesn't redact sensitive user data when logging via event hooks | CWE-532 | 4.2 | Medium | 2025-07-14 |
| CVE-2025-30353 | Directus's webhook trigger flows can leak sensitive data | CWE-200 | 8.6 | High | 2025-03-26 |
| CVE-2025-30352 | Directus `search` query parameter allows enumeration of non permitted fields | CWE-200 | 5.3 | Medium | 2025-03-26 |
| CVE-2025-30351 | Suspended Directus user can continue to use session token to access API | CWE-672 | 3.5 | Low | 2025-03-26 |
| CVE-2025-30350 | Directus's S3 assets become unavailable after a burst of HEAD requests | CWE-770 | 5.3 | Medium | 2025-03-26 |
| CVE-2025-30225 | Directus's S3 assets become unavailable after a burst of malformed transformations | CWE-770 | 5.3 | Medium | 2025-03-26 |
| CVE-2025-27089 | Overlapping policies allow update to non-allowed fields in directus | CWE-863 | 5.4 | Medium | 2025-02-19 |
| CVE-2025-24353 | Directus privilege escalation vulnerability using Share feature | CWE-269 | 5.0 | Medium | 2025-01-23 |
| CVE-2024-54151 | Directus allows unauthenticated access to WebSocket events and operations | CWE-200 | 7.5 | High | 2024-12-09 |
| CVE-2024-54128 | Directus has an HTML Injection in Comment | CWE-80 | 5.7 | Medium | 2024-12-05 |

All entries above are for the product directus; the listing shows the most recent advisories out of 57.

This page lists every published CVE security advisory associated with directus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.