directus
npm53 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting directuspage 2 of 2
- CVE-2026-35442HIGHCVSS 8.1EG 8.1✓ Fixed in 11.17.02026-04-06
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions (min, max) applied to fields with the conceal special type incorrectly return raw database values instead of the masked …
- CVE-2026-39942HIGHCVSS 8.5EG 8.5✓ Fixed in 11.17.02026-04-09
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another…
- CVE-2026-39943MEDIUMCVSS 6.5EG 6.5✓ Fixed in 11.17.02026-04-09
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are created or updated. Due to the revision snapshot code not consis…
Check whether directus is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for directus CVEs against the assets you own.
Start Free Scan →