VulnerableCode Package Details - pkg:npm/%40directus/api@32.2.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/%40directus/api@32.2.0

Essentials
History (3)

purl	pkg:npm/%40directus/api@32.2.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-rdpb-7dcd-fyby	Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. This vulnerability is fixed in 11.14.1.	CVE-2026-26185 GHSA-jr94-gj3h-c8rf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T15:50:24.073104+00:00	GitLab Importer	Fixing	VCID-rdpb-7dcd-fyby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@directus/api/CVE-2026-26185.yml	38.6.0
2026-06-12T07:48:14.066276+00:00	GithubOSV Importer	Fixing	VCID-rdpb-7dcd-fyby	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-jr94-gj3h-c8rf/GHSA-jr94-gj3h-c8rf.json	38.6.0
2026-06-11T20:37:57.144524+00:00	GHSA Importer	Fixing	VCID-rdpb-7dcd-fyby	https://github.com/advisories/GHSA-jr94-gj3h-c8rf	38.6.0