18 matches found
@altipla/directus-sdk-utils (=0.7.2), @depup/directus (=11.16.1-depup.0) +6 more potentially affected by CVE-2026-35441 via directus (>=10.10.0 <=11.16.1)
directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35441 Source advisory: OSV:GHSA-PH52-67FQ-75WJ...
@altipla/directus-sdk-utils (=0.7.2), @devix-tecnologia/utils-ts (=1.0.0) +5 more potentially affected by CVE-2026-35409 via directus (>=10.10.0 <=11.15.4)
directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35409 Source advisory: OSV:GHSA-WV3H-5FX7-966H...
@altipla/directus-sdk-utils (=0.7.2), @devix-tecnologia/utils-ts (=1.0.0) +5 more potentially affected by CVE-2026-35410 via directus (>=10.10.0 <=11.16.0)
directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35410 Source advisory: OSV:GHSA-CF45-HXWJ-4CFJ...
@devix-tecnologia/utils-ts (=1.0.0), @directus/api (>=15.0.0 <=32.2.0) +3 more potentially affected by CVE-2026-26185 via directus (>=10.10.0 <=11.14.0)
directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-26185 Source advisory: OSV:GHSA-JR94-GJ3H-C8RF...
@directus/api (>=15.0.0 <=32.1.1), @linotype/directus-extension-linotype (>=1.2.2 <=1.3.5) +2 more potentially affected by CVE-2026-22032 via directus (>=10.10.0 <=11.13.4)
directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-22032 Source advisory: OSV:GHSA-3573-4C68-G8CC...
@directus/api (>=15.0.0 <=31.0.0), @linotype/directus-extension-linotype (>=1.2.2 <=1.3.5) +2 more potentially affected by CVE-2025-64746 via directus (>=10.10.0 <=11.12.0)
directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2025-64746 Source advisory: OSV:GHSA-9X5G-62GJ-WQF2...
@directus/api (>=15.0.0 <=31.0.0), @linotype/directus-extension-linotype (>=1.2.2 <=1.3.5) +2 more potentially affected by CVE-2025-64748 via directus (>=10.10.0 <=11.12.0)
directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2025-64748 Source advisory: OSV:GHSA-8JPW-GPR4-8CMH...
EUVD-2022-5940
Malicious code in bioql PyPI...
@skuhnow/directus (>=9.8.0 <=9.14.4) potentially affected by CVE-2025-54369 via node-saml (=4.0.0-beta.2)
node-saml NPM version =4.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-saml and may be impacted: - @skuhnow/directus =9.8.0, =9.14.4 Source cves: CVE-2025-54369 Source advisory: SNYK:JS-NODESAML-10946571...
@altipla/directus-sdk-utils (=0.7.2), @bicou/directus-extension-imagga (>=1.6.3 <=1.6.6) +9 more potentially affected by CVE-2025-53887 via directus (>=10.10.0 <=11.8.0)
directus NPM version =10.10.0, =1.6.3, =11.16.1-depup.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 - lease-directus-template =0.0.0 Source cves: CVE-2025-53887 Source advisory: OSV:GHSA-RMJH-CF9Q-PV7Q...
@altipla/directus-sdk-utils (=0.7.2), @bicou/directus-extension-imagga (>=1.6.3 <=1.6.6) +9 more potentially affected by CVE-2025-53886 via directus (>=10.10.0 <=11.8.0)
directus NPM version =10.10.0, =1.6.3, =11.16.1-depup.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 - lease-directus-template =0.0.0 Source cves: CVE-2025-53886 Source advisory: OSV:GHSA-F24X-RM6G-3W5V...
CVE-2025-53885 Directus doesn't redact sensitive user data when logging via event hooks
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template...
PT-2025-29529 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. Flows with a manual trigger do not validate whether the user triggering the Flow has permissions to the item...
@altipla/directus-sdk-utils (=0.7.2), @depup/directus (>=11.16.1-depup.0 <=11.17.2-depup.0) +8 more potentially affected by unknown CVE via directus (>=10.10.0 <=11.3.2)
directus NPM version =10.10.0, =11.16.1-depup.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 - lease-directus-template =0.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-9QRM-48QF-R2RW...
@altipla/directus-sdk-utils (=0.7.2), @depup/directus (>=11.16.1-depup.0 <=11.17.2-depup.0) +8 more potentially affected by CVE-2025-24353 via directus (>=10.10.0 <=11.1.2)
directus NPM version =10.10.0, =11.16.1-depup.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 - lease-directus-template =0.0.0 Source cves: CVE-2025-24353 Source advisory: OSV:GHSA-PMF4-V838-29HG...
@directus/api (>=18.0.0 <=21.0.1) potentially affected by CVE-2024-46990 via directus (>=10.10.0 <=10.13.2)
directus NPM version =10.10.0, =18.0.0, =21.0.1 Source cves: CVE-2024-46990 Source advisory: OSV:GHSA-68G8-C275-XF2M...
PT-2024-26913 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.11.2 Description: Directus is a real-time API and App dashboard for managing SQL database content. Providing a non-numeric length value to the random string generation utility will create a memory issue, breaking...
@skuhnow/directus (>=9.8.0 <=9.14.4) potentially affected by CVE-2022-39300 via node-saml (=4.0.0-beta.2)
node-saml NPM version =4.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-saml and may be impacted: - @skuhnow/directus =9.8.0, =9.14.4 Source cves: CVE-2022-39300 Source advisory: OSV:GHSA-5P8W-2MVW-38PV...