Monospace Directus

54 CVEs affecting Monospace Directus. Latest disclosed: 2026-04-09. Critical: 2, High: 11.

Top CVEs affecting Monospace Directus
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-26969 | Critical | 9.8 | 2022-12-26 | In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true. |
| CVE-2025-55746 | Critical | 9.3 | 2025-08-20 | Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechan… |
| CVE-2026-35408 | High | 8.7 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-O… |
| CVE-2025-30353 | High | 8.6 | 2025-03-26 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "… |
| CVE-2026-39942 | High | 8.5 | 2026-04-09 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled fil… |
| CVE-2024-27295 | High | 8.2 | 2024-03-01 | Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to recei… |
| CVE-2026-35442 | High | 8.1 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions (min, max) applied to fields with the co… |
| CVE-2026-35409 | High | 7.7 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has b… |
| CVE-2024-54151 | High | 7.5 | 2024-12-09 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKE… |
| CVE-2024-39896 | High | 7.5 | 2024-07-08 | Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can… |
| CVE-2024-36128 | High | 7.5 | 2024-06-03 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string ge… |
| CVE-2024-45596 | High | 7.4 | 2024-09-10 | Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via… |
| CVE-2026-35412 | High | 7.1 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint (/files/tus) allows… |
| CVE-2026-39943 | Medium | 6.5 | 2026-04-09 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whe… |
| CVE-2026-35441 | Medium | 6.5 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL endpoints (/graphql and /graphql/system) d… |
| CVE-2025-64748 | Medium | 6.5 | 2025-11-13 | Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to sea… |
| CVE-2025-53889 | Medium | 6.5 | 2025-07-15 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a… |
| CVE-2024-39895 | Medium | 6.5 | 2024-07-08 | Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of… |
| CVE-2020-19850 | Medium | 6.5 | 2023-04-04 | An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. |
| CVE-2022-36031 | Medium | 6.5 | 2022-08-19 | Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `… |