VYPR

npm package

@directus/app

pkg:npm/%40directus/app

Vulnerabilities (2)

  • CVE-2025-24353Jan 23, 2025
    affected < 13.3.1fixed 13.3.1

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be abl

  • CVE-2024-54128Dec 5, 2024
    affected >= 11.0.0, < 13.3.1fixed 13.3.1

    Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the