directus — Vulnerabilities & Security Advisories (57)

Browse all 57 CVE security advisories affecting directus. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Directus functions as an open-source data platform, enabling developers to build custom APIs and manage content via a flexible headless CMS architecture. Its extensive feature set, including real-time data synchronization and role-based access control, makes it a popular choice for enterprise applications requiring rapid backend deployment. However, this complexity has historically introduced significant security risks, with 57 Common Vulnerabilities and Exposures (CVEs) currently recorded. These incidents predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation or misconfigured authentication mechanisms. While the project maintains an active security response team, the high volume of past vulnerabilities highlights the challenges inherent in maintaining a rapidly evolving codebase. Users must prioritize regular patching and strict configuration audits to mitigate exposure to these known exploitation vectors.

Top products by directus: directus

This page lists every published CVE security advisory associated with directus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.