@directus/api vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-26185Mediumdirectus: Directus Vulnerable to User Enumeration via Password Reset Timing AttackCVE-2026-22032Mediumdirectus: Directus has open redirect in SAMLCVE-2025-64749Mediumdirectus: Directus Vulnerable to Information Leakage in Existing CollectionsCVE-2025-64748Mediumdirectus: Directus's conceal fields are searchable if read permissions enabledCVE-2025-55746Criticaldirectus: Directus allows unauthenticated file upload and file modification due to lacking input sanitizationCVE-2024-47822Medium@directus/api: Directus inserts access token from query string into logsCVE-2025-30351Lowdirectus: Suspended Directus user can continue to use session token to access APICVE-2025-27089Mediumdirectus: Directus allows updates to non-allowed fields due to overlapping policiesCVE-2024-54151Highdirectus: Directus allows unauthenticated access to WebSocket events and operationsCVE-2024-46990Mediumdirectus: Directus vulnerable to SSRF Loopback IP filter bypassCVE-2024-45596Highdirectus: Session is cached for OpenID and OAuth2 if `redirect` is not usedCVE-2024-39699Medium@directus/api: Directus Blind SSRF On File Import

Stop the waste.
Protect your environment with Kodem.