VulnerableCode Package Details - pkg:npm/directus@10.6.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/directus@10.6.0

Essentials
History (1)

purl	pkg:npm/directus@10.6.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-hrqc-8err-4fbx	Directus affected by VM2 sandbox escape vulnerability ### Impact In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Within Directus this applies to the "Run Script" operation in flows being able to escape the sandbox running code in the main nodejs context. ### Patches Patched in v10.6.0 by replacing `vm2` with `isolated-vm` ### Workarounds None ### References https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5	GHSA-22rr-f3p8-5gf8 GMS-2023-2358

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T21:01:55.850639+00:00	GitLab Importer	Fixing	VCID-hrqc-8err-4fbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/directus/GMS-2023-2358.yml	38.6.0