Directus Security Vulnerabilities and Issues — Directus CVE List

Lucene search

MonospaceDirectus

3 matches found

CVE•added 2025/03/26 6:15 p.m.•80 views

CVE-2025-30353

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API...

8.6CVSS7.6AI score0.00057EPSS

CVE•added 2025/03/26 6:15 p.m.•78 views

CVE-2025-30351

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in verify...

4.3CVSS7.7AI score0.00067EPSS

CVE•added 2025/03/26 6:15 p.m.•74 views

CVE-2025-30352

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the en...

5.3CVSS7.7AI score0.0004EPSS