
Monospace Directus vulnerabilities

54 known vulnerabilities affecting monospace/directus.

Total CVEs: 54
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 11, MEDIUM 40, LOW 1

Vulnerabilities

Page 2 of 3
CVE-2026-35410 | P3 | MEDIUM | CVSS 6.1 | fixed in 11.16.1 | 2026-04-06
CVE-2026-35410 [MEDIUM] CWE-184: Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection logic. The isLoginRedirectAllowed function fails to correctly identify certain malformed URLs as external, allowing attackers to bypass redirect allow-list validation and redirect users to
Source: nvd
CVE-2023-45820 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.4.0, < 10.6.2 | 2023-10-19
CVE-2023-45820 [MEDIUM] CWE-755: Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to
Source: nvd
CVE-2026-22032 | P4 | MEDIUM | CVSS 6.1 | fixed in 11.14.0 | 2026-01-08
CVE-2026-22032 [MEDIUM] CWE-601: Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter is intended to preserve the user's original destination. However, while the login initiation flo
Source: nvd
CVE-2026-26185 | P4 | MEDIUM | CVSS 5.3 | fixed in 11.15.0 | 2026-02-12
CVE-2026-26185 [MEDIUM] CWE-203: Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user en
Source: nvd
CVE-2026-35413 | P4 | MEDIUM | CVSS 5.3 | fixed in 11.16.1 | 2026-04-06
CVE-2026-35413 [MEDIUM] CWE-200: Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries (__schema, __type). However, the server_specs_graphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of
Source: nvd
CVE-2022-36031 | P4 | MEDIUM | CVSS 6.5 | fixed in 9.15.0 | 2022-08-19
CVE-2022-36031 [MEDIUM] CWE-755: Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade.
Source: nvd
CVE-2025-53887 | P4 | MEDIUM | CVSS 5.3 | ≥ 9.0.0, < 11.9.0 | 2025-07-15
CVE-2025-53887 [MEDIUM] CWE-200: Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as the OpenAPI Spec version; this means that it is being exposed by the `/server/specs/oas` endpoint without authentication. With the exact version information
Source: nvd
CVE-2024-34709 | P4 | MEDIUM | CVSS 5.4 | fixed in 10.11.0 | 2024-05-14
CVE-2024-34709 [MEDIUM] CWE-613: Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.0, session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The `directus_session` gets destroyed and the cookie gets deleted but if the cookie value is captured, it will still work for the entire expiry
Source: nvd
CVE-2024-27296 | P4 | MEDIUM | CVSS 5.3 | fixed in 10.8.3 | 2024-03-01
CVE-2024-27296 [MEDIUM] CWE-200: Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shippe
Source: nvd
CVE-2020-19850 | P4 | MEDIUM | CVSS 6.5 | v2.2.0 | 2023-04-04
CVE-2020-19850 [MEDIUM] CWE-400: An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests.
Source: nvd
CVE-2024-6533 | P4 | MEDIUM | CVSS 5.4 | v10.13.0 | 2024-08-15
CVE-2024-6533 [MEDIUM] CWE-79: Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.
Source: nvd
CVE-2025-30350 | P4 | MEDIUM | CVSS 5.3 | ≥ 9.22.0, < 11.5.0 | 2025-03-26
CVE-2025-30350 [MEDIUM] CWE-770: Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of HEAD requests. Some tools use Directus to s
Source: nvd
CVE-2025-30225 | P4 | MEDIUM | CVSS 5.3 | ≥ 9.22.0, < 11.5.0 | 2025-03-26
CVE-2025-30225 [MEDIUM] CWE-770: Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of malformed transformations. When making many
Source: nvd
CVE-2025-30352 | P4 | MEDIUM | CVSS 5.3 | ≥ 9.0.1, < 11.5.0 | v9.0.0 | 2025-03-26
CVE-2025-30352 [MEDIUM] CWE-200: Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the enumeration of unknown field contents. The searchabl
Source: nvd
CVE-2025-64746 | P4 | MEDIUM | CVSS 5.4 | fixed in 11.13.0 | 2025-11-13
CVE-2025-64746 [MEDIUM] CWE-284: Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This stale reference creates a security gap: if another field
Source: nvd
CVE-2024-46990 | P4 | MEDIUM | CVSS 5.0 | fixed in 10.13.3 | ≥ 11.0.0, < 11.1.0 | 2024-09-18
CVE-2024-46990 [MEDIUM] CWE-284: Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users ar
Source: nvd
CVE-2025-64747 | P4 | MEDIUM | CVSS 5.5 | fixed in 11.13.0 | 2025-11-13
CVE-2025-64747 [MEDIUM] CWE-20: Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with `upload files` and `edit item` permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy (CSP) r
Source: nvd
CVE-2024-39896 | P4 | MEDIUM | CVSS 5.3 | fixed in 10.13.0 | 2024-07-08
CVE-2024-39896 [MEDIUM] CWE-200: Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a "helpful"
Source: nvd
CVE-2024-39699 | P4 | MEDIUM | CVSS 5.0 | fixed in 10.9.3 | 2024-07-08
CVE-2024-39699 [MEDIUM] CWE-918: Directus is a real-time API and App dashboard for managing SQL database content. There was already a reported SSRF vulnerability via file import. It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address. However it is possible to bypass this security measure and execute a SSRF using redirects. Directus allow
Source: nvd
CVE-2024-34708 | P4 | MEDIUM | CVSS 4.9 | fixed in 10.11.0 | 2024-05-14
CVE-2024-34708 [MEDIUM] CWE-200: Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access to the raw stored version using the `alias` functionality on the API. Normally, these redacted fields will return `**********` however if we change the request to `?alias[workaround]=
Source: nvd