Security: directus/directus
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Unauthenticated access to WebSocket events and operations (GHSA-849r-qrwj-8rv4), published Dec 9, 2024 by br41nslug. Severity: High
- Session is cached for OpenID and OAuth2 if `redirect` is not used (GHSA-cff8-x7jv-4fm8), published Sep 10, 2024 by br41nslug. Severity: High
- Access token from query string is inserted into logs (GHSA-vw58-ph65-6rxp), published Oct 8, 2024 by br41nslug. Severity: Moderate
- Insecure object reference via PATH presets (GHSA-3fff-gqw3-vj86), published Aug 27, 2024 by br41nslug. Severity: Moderate
- SSRF Loopback IP filter bypass (GHSA-68g8-c275-xf2m), published Sep 18, 2024 by br41nslug. Severity: Moderate
- SSO User Enumeration (GHSA-jgf4-vwc3-r46v), published Jul 8, 2024 by br41nslug. Severity: High
- Soft-lock Directus by providing a string value to random string util (GHSA-632p-p495-25m5), published Jun 3, 2024 by br41nslug. Severity: High
- Session Tokens Invalidation (GHSA-g65h-35f3-x2w3), published May 13, 2024 by rijkvanzanten. Severity: Moderate
- GraphQL Field Duplication Denial of Service (DoS) (GHSA-7hmh-pfrp-vcx4), published Jul 8, 2024 by br41nslug. Severity: Moderate
- Redacted data extraction on the API through "alias" (GHSA-p8v3-m643-4xqx), published May 13, 2024 by rijkvanzanten. Severity: Moderate