PT-2026-31649

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directus revisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

EUVD-2023-2748

Malicious code in bioql PyPI...

EUVD-2025-25355

Malicious code in bioql PyPI...

CVE-2025-53885 Directus doesn't redact sensitive user data when logging via event hooks

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template...

PT-2025-29526 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. When using Directus Flows to handle CRUD events for users, the "Log to Console" operation with a template...

CVE-2024-46990

Summary: CVE-2024-46990 affects Directus where blocking localhost via the default 0.0.0.0 filter can be bypassed using other loopback addresses (e.g., 127.0.0.2–127.127.127.127). Vulnerability details (supported by connected docs): Directus real-time API and app dashboard fails to restrict access...

CVE-2023-45820 Directus crashes on invalid WebSocket message

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has...

Directus 安全漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus, which can be exploited by an attacker to abort the Directus process...