
directus — Vulnerabilities & Security Advisories (57)

Browse all 57 CVE security advisories affecting directus. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-47822 | Directus inserts access token from query string into logs — directus | CWE-532 | 4.2 | Medium | 2024-10-08 |
| CVE-2024-46990 | SSRF Loopback IP filter bypass in directus — directus | CWE-284 | 5.0 | Medium | 2024-09-18 |
| CVE-2024-45596 | Directus's session is cached for OpenID and OAuth2 if `redirect` is not used — directus | CWE-524 | 7.4 | High | 2024-09-10 |
| CVE-2024-6534 | Directus 10.13.0 - Insecure object reference via PATH presets — Directus | CWE-639 | 4.3 | Medium | 2024-08-15 |
| CVE-2024-6533 | Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options — Directus | CWE-79 | 5.4 | Medium | 2024-08-15 |
| CVE-2024-39896 | Directus allows SSO User Enumeration — directus | CWE-200 | 7.5 | High | 2024-07-08 |
| CVE-2024-39895 | Directus GraphQL Field Duplication Denial of Service (DoS) — directus | CWE-400 | 6.5 | Medium | 2024-07-08 |
| CVE-2024-39701 | Directus Incorrectly handles `_in` filter — directus | CWE-284 | 6.3 | Medium | 2024-07-08 |
| CVE-2024-39699 | Directus has a Blind SSRF On File Import — directus | CWE-918 | 5.0 | Medium | 2024-07-08 |
| CVE-2024-36128 | Directus is soft-locked by providing a string value to random string util — directus | CWE-754 | 7.5 | High | 2024-06-03 |
| CVE-2024-34709 | Directus Lacks Session Tokens Invalidation — directus | CWE-613 | 5.4 | Medium | 2024-05-13 |
| CVE-2024-34708 | Directus allows redacted data extraction on the API through "alias" — directus | CWE-200 | 4.9 | Medium | 2024-05-13 |
| CVE-2024-28238 | Session Token in URL in directus — directus | CWE-200 | 2.3 | Low | 2024-03-12 |
| CVE-2024-28239 | URL Redirection to Untrusted Site in OAuth2/OpenID in directus — directus | CWE-601 | 5.4 | Medium | 2024-03-12 |
| CVE-2024-27296 | Directus version number disclosure — directus | CWE-200 | 5.3 | Medium | 2024-03-01 |
| CVE-2024-27295 | Directus MySQL accent insensitive email matching — directus | CWE-706 | 8.2 | High | 2024-03-01 |
| CVE-2023-45820 | Directus crashes on invalid WebSocket message — directus | CWE-755 | 5.9 | Medium | 2023-10-19 |
| CVE-2023-38503 | Directus has Incorrect Permission Checking for GraphQL Subscriptions — directus | CWE-200 | 5.7 | Medium | 2023-07-25 |
| CVE-2023-28443 | directus vulnerable to Insertion of Sensitive Information into Log File — directus | CWE-532 | 4.2 | Medium | 2023-03-23 |
| CVE-2023-27481 | Extract password hashes through export querying in directus — directus | CWE-200 | 4.3 | Medium | 2023-03-07 |
| CVE-2023-27474 | HTML Injection in Password Reset email to custom Reset URL in directus — directus | CWE-79 | 8.0 | High | 2023-03-06 |
| CVE-2023-26492 | Directus vulnerable to Server-Side Request Forgery On File Import — directus | CWE-918 | 5.0 | Medium | 2023-03-03 |
| CVE-2022-36031 | Unhandled exception on illegal filename_disk value — directus | CWE-755 | 6.5 | Medium | 2022-08-19 |
| CVE-2022-23080 | directus - SSRF which leads to internal port scan — directus | CWE-918 | 5.0 | - | 2022-06-22 |
| CVE-2022-24814 | Cross-site Scripting in Directus — directus | CWE-79 | 8.8 | High | 2022-04-04 |
| CVE-2022-22117 | Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image — directus | CWE-79 | 5.4 | Medium | 2022-01-10 |
| CVE-2022-22116 | Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload — directus | CWE-79 | 5.4 | Medium | 2022-01-10 |

This page lists every published CVE security advisory associated with directus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.