Live data from GitHub and npm, updated daily.
Data last fetched: 2026-06-29
10 active CVEs reported via OSV.dev
Directus affected by VM2 sandbox escape vulnerability
Session Token in URL in directus
Directus has open redirect in SAML
Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries
Directus: Path Traversal and Broken Access Control in File Management API
Directus has an insecure object reference via PATH presets
Directus API vulnerable to denial of service
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
Suspended Directus user can continue to use session token to access API
Server-Side Request Forgery in Directus
Other CMS projects in the Node.js ecosystem worth evaluating.
Get SLA-backed support, security patches, and direct access to senior engineers for Directus — without relying on volunteer maintainers.