3 matches found
EUVD-2025-0183
Malicious code in bioql PyPI...
CVE-2025-53886 Directus doesn't redact tokens in Flow logs
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...
GHSA-PMF4-V838-29HG Directus allows privilege escalation using Share feature
Summary When sharing an item, user can specify an arbitrary role. It allows user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Details Specifying role on share should be available only for admins. The current flow has a security flaw. Each other...